Skip to content

cisco_{asa,ftd}: harmonise pipelines #4380

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 13, 2022
Merged

cisco_{asa,ftd}: harmonise pipelines #4380

merged 1 commit into from
Oct 13, 2022

Conversation

efd6
Copy link
Contributor

@efd6 efd6 commented Oct 5, 2022

What does this PR do?

This brings the cisco_asa and cisco_ftd ingest pipelines more into agreement though parts dealing with ECS categorisation remain distinct.

The changes in cisco_asa do not affect test outcomes and are for the most part cosmetic to reduce diff noise in future changes. It does add the malware event kind classification that exists in cisco_ftd.

The changes in cisco_ftd fix incorrect handling of:

  • network.inner/cisco.ftd.tunnel_type fields
  • 305012 events.

And add the network.community_id field to events.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@efd6 efd6 added bug Something isn't working, use only for issues enhancement New feature or request Team:Security-External Integrations Integration:cisco_ftd Cisco FTD Integration:cisco_asa Cisco ASA labels Oct 5, 2022
@efd6 efd6 self-assigned this Oct 5, 2022
@efd6 efd6 force-pushed the 2116-cisco_asa_ftd branch from 7e2c254 to 44243a4 Compare October 5, 2022 01:15
@elasticmachine
Copy link

elasticmachine commented Oct 5, 2022
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2022-10-12T00:44:19.302+0000

  • Duration: 18 min 4 sec

Test stats 🧪

Test Results
Failed 0
Passed 50
Skipped 0
Total 50

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@elasticmachine
Copy link

elasticmachine commented Oct 5, 2022
edited
Loading

🚀 Benchmarks report

Package cisco_ftd 👍(0) 💚(0) 💔(1)

Expand to view
Data stream Previous EPS New EPS Diff (%) Result
log 292.91 244.56 -48.35 (-16.51%) 💔

To see the full report comment with /test benchmark fullreport

@elasticmachine
Copy link

elasticmachine commented Oct 5, 2022
edited
Loading

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (2/2) 💚
Files 100.0% (2/2) 💚 2.496
Classes 100.0% (2/2) 💚 2.496
Methods 100.0% (36/36) 💚 9.668
Lines 74.826% (2788/3726) 👎 -16.811
Conditionals 100.0% (0/0) 💚

@efd6 efd6 marked this pull request as ready for review October 5, 2022 01:37
@efd6 efd6 requested a review from a team as a code owner October 5, 2022 01:37
@elasticmachine
Copy link

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@efd6
cisco_{asa,ftd}: harmonise pipelines
25ed220 
This brings the cisco_asa and cisco_ftd ingest pipelines more into agreement
though parts dealing with ECS categorisation remain distinct.

The changes in cisco_asa do not affect test outcomes and are for the most part
cosmetic to reduce diff noise in future changes. It does add the malware event
kind classification that exists in cisco_ftd.

The changes in cisco_ftd fix incorrect handling of:
- network.inner/cisco.ftd.tunnel_type fields
- 305012 events.

And add the network.community_id field to events.
@efd6 efd6 force-pushed the 2116-cisco_asa_ftd branch from 44243a4 to 25ed220 Compare October 12, 2022 00:44
taylor-swanson
taylor-swanson approved these changes Oct 12, 2022
View reviewed changes
Copy link
Contributor

@taylor-swanson taylor-swanson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, only minor complaint is that the test file name test-ftd-fix.log is a little vague, but it's easy enough to look up the git commit to see what the fix is.

@efd6
Copy link
Contributor Author

efd6 commented Oct 12, 2022

@taylor-swanson Yeah, I was following the existing naming convention. I'm happy to change it if you would like.

@taylor-swanson
Copy link
Contributor

If you think of a good, short descriptive file name, go for it, otherwise I'm fine with it as-is.

@efd6
Copy link
Contributor Author

efd6 commented Oct 13, 2022

I'll leave it as is.

@efd6 efd6 merged commit 1870598 into elastic:main Oct 13, 2022
@andrewkroh andrewkroh mentioned this pull request Oct 20, 2022
Merged
@efd6 efd6 deleted the 2116-cisco_asa_ftd branch February 5, 2025 22:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@taylor-swanson taylor-swanson taylor-swanson approved these changes

Assignees

@efd6 efd6

Labels
bug Something isn't working, use only for issues enhancement New feature or request Integration:cisco_asa Cisco ASA Integration:cisco_ftd Cisco FTD
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Cisco package Needs sync with Beats module
3 participants
@efd6 @elasticmachine @taylor-swanson