@amirbenun amirbenun commented Feb 14, 2023

What does this PR do?

Add a new cloud security policy template for vulnerability management that will form as a new integration
Resolves #5328

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

@amirbenun amirbenun added the enhancement New feature or request label Feb 14, 2023
@amirbenun amirbenun requested a review from a team as a code owner February 14, 2023 04:48
@amirbenun amirbenun marked this pull request as draft February 14, 2023 04:49
elasticmachine commented Feb 14, 2023

💚 Build Succeeded

Build stats

  • Start Time: 2023-02-23T10:48:54.908+0000

  • Duration: 14 min 9 sec

Test stats 🧪

Test Results
Failed 0
Passed 4
Skipped 0
Total 4

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

opauloh commented Feb 14, 2023

Hi @amirbenun,

Here's the icon for vulnerability management in case you want to include it in your PR

SVG

    <svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" fill="none" viewBox="0 0 32 32">
      <path fill="#00BFB3" fill-rule="evenodd" d="M11.05 2.086 6.808 6.329 16 15.52l9.192-9.192-4.242-4.243L16 7.036l-4.95-4.95Z" clip-rule="evenodd"/>
      <path fill="#FA744E" d="M4.686 19.764a8 8 0 0 1 0-11.314L16 19.764v11.313L4.686 19.763Z"/>
      <path fill="#343741" d="M27.314 8.45a8 8 0 0 1 0 11.314L16 31.077V19.763L27.314 8.45Z"/>
    </svg>

File (to add to packages/cloud_security_posture/img/logo_vuln_mgnt.svg)

Suggested changes to add to manifest.yaml

    icons:
      - src: /img/logo_vuln_mgnt.svg
        title: Vulnerability Management logo
        size: 32x32
        type: image/svg+xml

elasticmachine commented Feb 20, 2023

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (0/0) 💚
Files 100.0% (0/0) 💚
Classes 100.0% (0/0) 💚
Methods 25.0% (2/8) 👎 -40.753
Lines 100.0% (0/0) 💚 0.465
Conditionals 100.0% (0/0) 💚

@amirbenun amirbenun marked this pull request as ready for review February 22, 2023 09:44

@kfirpeled kfirpeled left a comment

LGTM

processors:
- set:
field: ecs.version
value: '8.6.0'
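
Review bot: the `set` processor hard-codes `ecs.version` to the literal '8.6.0' at `value:`, and nothing in the hunk says why that release was chosen. Add a YAML comment beside it naming the ECS release that this data stream's field definitions follow, so the pin is revisited deliberately when the mappings change.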

Contributor

shouldn't it be the same version as the ELK version?

Contributor Author

Honestly, I copied it from the findings data-stream. @kfirpeled what is the reason it points to 8.6?

type: date
description: The commit time of the Cloudbeat.
default_field: false
- name: kubernetes.version

Contributor

removed from the wrong place?

title: Vulnerability Management
description: Scan for cloud resources vulnerabilities
categories:
- Vulnerability Management

@oren-zohar oren-zohar Feb 22, 2023

Suggested change
- Vulnerability Management
- vulnerability_management

It looks like Credential Management is credential_management here (for reference categories.yml)

Contributor

I think the CI didn't like that in any case

Contributor

Should work based on the latest version of the package-registry

@oren-zohar
Contributor

Hey @mrodm, the CI fails on the new vulnerability_management category. Wasn't that supposed to be supported in the latest release? Are we missing something here?

[2023-02-22T18:24:16.518Z]    1. file "/var/lib/jenkins/workspace/est-manager_integrations_PR-5266/src/github.com/elastic/integrations/packages/cloud_security_posture/manifest.yml" is invalid: field policy_templates.2.categories.0: policy_templates.2.categories.0 must be one of the following: "analytics_engine", "application_observability", "app_search", "auditd", "authentication", "aws", "azure", "big_data", "cdn_security", "cloud", "config_management", "connector", "connector_client", "connector_package", "containers", "content_source", "crawler", "credential_management", "crm", "custom", "custom_logs", "database_security", "datastore", "dns_security", "edr_xdr", "elasticsearch_sdk", "elastic_stack", "email_security", "enterprise_search", "firewall_security", "google_cloud", "iam", "ids_ips", "infrastructure", "java_observability", "kubernetes", "language_client", "languages", "load_balancer", "message_queue", "monitoring", "monitoring_infrastructure", "native_search", "network", "network_security", "notification", "observability", "os_system", "process_manager", "productivity", "productivity_security", "proxy_security", "sdk_search", "security", "stream_processing", "support", "threat_intel", "ticketing", "version_control", "virtualization", "vpn_security", "web", "web_application_firewall", "websphere", "workplace_search"

@amirbenun amirbenun merged commit 0afe6ab into elastic:main Feb 23, 2023
@amirbenun amirbenun deleted the add_vuln_mgmt branch February 23, 2023 11:04
mrodm commented Feb 23, 2023

> Hey @mrodm, the CI fails on the new vulnerability_management category. Wasn't that supposed to be supported in the latest release? Are we missing something here?

Checking the elastic-package version used (v0.74.0) here in the integrations repository, it does not contain the needed package-spec version (v2.5.1) that includes that new category.

A new release v0.75.0 has been created; once this version is updated in the integrations repository, that category could be added in the packages.

agithomas pushed a commit to agithomas/integrations that referenced this pull request Mar 20, 2023
agithomas pushed a commit to agithomas/integrations that referenced this pull request Mar 21, 2023
@elasticmachine
Package cloud_security_posture - 1.3.0-preview4 containing this change is available at https://epr.elastic.co/search?package=cloud_security_posture

@elasticmachine
Package cloud_security_posture - 1.3.0-preview5 containing this change is available at https://epr.elastic.co/search?package=cloud_security_posture

@elasticmachine
Package cloud_security_posture - 1.3.0-preview6 containing this change is available at https://epr.elastic.co/search?package=cloud_security_posture

@elasticmachine
Package cloud_security_posture - 1.3.0-preview7 containing this change is available at https://epr.elastic.co/search?package=cloud_security_posture

@elasticmachine
Package cloud_security_posture - 1.3.0-preview8 containing this change is available at https://epr.elastic.co/search?package=cloud_security_posture

@elasticmachine
Package cloud_security_posture - 1.3.0-preview9 containing this change is available at https://epr.elastic.co/search?package=cloud_security_posture

@elasticmachine
Package cloud_security_posture - 1.3.0-preview10 containing this change is available at https://epr.elastic.co/search?package=cloud_security_posture

@elasticmachine
Package cloud_security_posture - 1.3.0-preview91 containing this change is available at https://epr.elastic.co/search?package=cloud_security_posture

@elasticmachine
Package cloud_security_posture - 1.3.0 containing this change is available at https://epr.elastic.co/search?package=cloud_security_posture

@kfirpeled kfirpeled added the Team:Cloud Security Cloud Security team [elastic/cloud-security-posture] label Jun 26, 2023
@elasticmachine
Package cloud_security_posture - 1.3.1 containing this change is available at https://epr.elastic.co/search?package=cloud_security_posture
