
[mimecast] Cleanup field mappings and package description #3193

Merged
merged 18 commits into from
Apr 26, 2022

Conversation

andrewkroh

@andrewkroh andrewkroh commented Apr 26, 2022

What does this PR do?

  • Readme:
    • Format and sort readme sections
  • Dashboard:
    • Update dashboard field name
    • And fix a typo in mime_type.
  • Make integration description consistent
  • ttp_url_logs cleanup
    • Use ECS fields for ttp_url_logs.
    • Add missing event.created mapping.
  • ttp_ip_logs cleanup
    • Use ECS field definitions for ttp_ip_logs.
    • Add missing event.created mapping.
  • ttp_ap_logs cleanup
    • Use ECS field definitions for ttp_ap_logs.
    • It was using email.attachments.hash which is not a valid ECS field so I changed it to use email.attachments.file.hash.sha256.
  • threat_intel_malware_grid cleanup
    • Add missing ECS event field mappings.
  • threat_intel_malware_customer cleanup
    • Add missing ECS event fields.
  • siem_logs cleanup
    • Use ECS fields in siem_logs.
    • Remove email.message_size and email.header_from which are not part of ECS. Use mimecast.MsgSize and email.from.address instead.
    • Add allow_duplicates: false to email.{to,from}.address append processors.
    • Remove source.as.asn and source.as.organization_name and use the correct ECS fields.
  • dlp_logs cleanup
    • Use ECS fields for dlp_logs.
    • None of the mimecast.* fields are used so remove the mappings.
  • audit_logs cleanup
    • Use ECS fields for audit_logs.
    • Remove unused source.as.{asn,organization_name}.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Commits

  • [git-generate]
    cd packages/mimecast
    for i in $(find . -name ecs.yml); do yq -i '. | sort_keys(..) | sort_by(.name)' $i; done
  • Use ECS fields for audit_logs.
    Remove unused source.as.{asn,organization_name}.
  • Use ECS fields for dlp_logs.
    None of the mimecast.* fields are used so remove the mappings.
  • Use ECS fields in siem_logs.
    Remove email.message_size and email.header_from which are not part of ECS. Use mimecast.MsgSize and email.from.address instead.
    Remove source.as.asn and source.as.organization_name and use the correct ECS fields.
  • Add missing ECS event fields.
  • Add missing ECS event field mappings.
  • Use ECS field definitions for ttp_ap_logs.
    It was using email.attachments.hash which is not a valid ECS field so I changed it to use email.attachments.file.hash.sha256.
    [git-generate]
    cd packages/mimecast
    elastic-package test pipeline -g -d=ttp_ap_logs
  • Use ECS field definitions for ttp_ip_logs.
    Add missing event.created mapping.
  • Use ECS fields for ttp_url_logs.
    Add missing event.created mapping.
  • And fix a typo in mime_type.
    [git-generate]
    cd packages/mimecast
    elastic-package build
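Two of the changes in this PR are easy to get wrong silently: an `append` processor without `allow_duplicates: false` will happily produce `["a@example.com", "a@example.com"]` in `email.to.address`, and a field declared under an ECS fieldset with a non-ECS name (`email.attachments.hash`, `source.as.asn`) will be mapped and indexed without complaint but never matched by ECS-based detection rules. The script below is an added example, not code from the elastic/integrations repository or the Mimecast package: it simulates the append processor's duplicate handling on a flat dict (the real processor resolves dotted paths into nested objects) and lints a constructed field list against a small, constructed subset of ECS field names. The replacement hints for `email.*` come from this PR's description; the `source.as.number` / `source.as.organization.name` hints are the standard ECS names and are an assumption about what "the correct ECS fields" refers to.

```python
"""Mapping-hygiene checks for an ECS integration (added example, not the
package's own code)."""

# Constructed subset of ECS field names used as the allowlist for the lint.
ECS_SUBSET = {
    "email.from.address", "email.to.address", "email.cc.address",
    "email.attachments.file.hash.sha256", "email.attachments.file.mime_type",
    "source.as.number", "source.as.organization.name",
    "event.created", "event.kind", "event.category",
}

# Non-ECS names seen in this PR and the substitution chosen for each.
# The source.as.* targets are the standard ECS names (assumption).
REPLACEMENT_HINTS = {
    "email.attachments.hash": "email.attachments.file.hash.sha256",
    "email.header_from": "email.from.address",
    "email.message_size": "mimecast.MsgSize",
    "source.as.asn": "source.as.number",
    "source.as.organization_name": "source.as.organization.name",
}


def append_field(doc: dict, field: str, values: list, allow_duplicates: bool = True) -> dict:
    """Simulate the ingest `append` processor on a flat document.

    A missing field becomes a new list, a scalar is wrapped into a list, and
    with allow_duplicates=False a value already present is skipped.
    """
    existing = doc.get(field)
    if existing is None:
        target = []
    elif isinstance(existing, list):
        target = list(existing)
    else:
        target = [existing]
    for value in values:
        if not allow_duplicates and value in target:
            continue
        target.append(value)
    doc[field] = target
    return doc


def lint_fields(names, ecs=ECS_SUBSET, hints=REPLACEMENT_HINTS) -> dict:
    """Return {field: suggested_replacement_or_None} for names that sit under
    an ECS fieldset prefix but are not ECS fields. Custom namespaces such as
    mimecast.* are left alone: they are not claiming to be ECS."""
    ecs_roots = {n.split(".")[0] for n in ecs}
    problems = {}
    for name in names:
        if name in ecs:
            continue
        if name.split(".")[0] in ecs_roots:
            problems[name] = hints.get(name)
    return problems


def demo() -> dict:
    """Run both checks on a constructed Mimecast-style event and field list."""
    # Constructed event: the recipient already set by an earlier processor
    # reappears in a second list (e.g. the same address in To and Cc).
    event = {"email.to.address": "alice@example.com"}
    deduped = append_field(dict(event), "email.to.address",
                           ["alice@example.com", "bob@example.com"],
                           allow_duplicates=False)
    duplicated = append_field(dict(event), "email.to.address",
                              ["alice@example.com", "bob@example.com"])
    # Constructed field list mixing ECS, non-ECS and custom names.
    declared = ["email.to.address", "email.attachments.hash",
                "mimecast.MsgSize", "source.as.asn", "event.created"]
    return {
        "deduped": deduped["email.to.address"],
        "duplicated": duplicated["email.to.address"],
        "lint": lint_fields(declared),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the lint over a package's `ecs.yml` field names (after loading them with a YAML parser) gives the same report this PR produced by hand; wiring it into `elastic-package` CI is left to the reader.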
@andrewkroh andrewkroh requested a review from a team as a code owner April 26, 2022 02:38
@elasticmachine

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@elasticmachine

elasticmachine commented Apr 26, 2022

💚 Build Succeeded


Build stats

  • Start Time: 2022-04-26T12:44:56.702+0000

  • Duration: 17 min 3 sec

Test stats 🧪

Test Results

| Result | Count |
|---|---|
| Failed | 0 |
| Passed | 61 |
| Skipped | 0 |
| Total | 61 |

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@andrewkroh andrewkroh requested a review from efd6 April 26, 2022 12:45
@elasticmachine

🌐 Coverage report

| Name | Metrics % (covered/total) | Diff |
|---|---|---|
| Packages | 100.0% (8/8) 💚 | |
| Files | 100.0% (8/8) 💚 | 2.941 |
| Classes | 100.0% (8/8) 💚 | 2.941 |
| Methods | 92.174% (106/115) 👍 | 4.392 |
| Lines | 82.877% (1181/1425) 👎 | -5.701 |
| Conditionals | 100.0% (0/0) 💚 | |

3 participants