Skip to content

[Check Point Harmony Endpoint] New Integration #10780

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 50 commits into from
Oct 25, 2024
Merged

[Check Point Harmony Endpoint] New Integration #10780

merged 50 commits into from
Oct 25, 2024

Conversation

gauravneelwarna
Copy link
Contributor

@gauravneelwarna gauravneelwarna commented Aug 13, 2024
edited by chrisberkhout
Loading

Proposed commit message

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@cla-checker-service CLA Checker Service
Copy link

cla-checker-service bot commented Aug 13, 2024
edited
Loading

💚 CLA has been signed

@andrewkroh andrewkroh added the New Integration Issue or pull request for creating a new integration package. label Aug 13, 2024
@andrewkroh andrewkroh added the needs CLA User must sign the Elastic Contributor License before review. label Aug 19, 2024
@andrewkroh andrewkroh changed the title in progress [Check Point Harmony Endpoint] New Integration - WIP Aug 19, 2024
@chrisberkhout chrisberkhout marked this pull request as draft September 4, 2024 08:42
@chrisberkhout chrisberkhout self-requested a review September 4, 2024 08:42
@chrisberkhout chrisberkhout added the Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] label Sep 4, 2024
@chrisberkhout chrisberkhout mentioned this pull request Sep 20, 2024
Closed
8 tasks
chrisberkhout
chrisberkhout requested changes Sep 20, 2024
View reviewed changes
Copy link
Contributor

@chrisberkhout chrisberkhout left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A lot of great work in this. I'm impressed!

Hopefully a lot of the comments will be quick to address. Some will take a bit more time but then I think we'll be done or very close.

packages/checkpoint_harmony_endpoint/img/sample-logo.svg Outdated
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This file can be removed.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Still needs to be removed.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, it's still there.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is removed from the manifest, but the file is still there in the img/ directory.

packages/checkpoint_harmony_endpoint/data_stream/antibot/agent/stream/antibot.yml.hbs Outdated
Comment on lines 2 to 5
{{#if enable_request_tracer}}
resource.tracer.filename: "../../logs/cel/http-request-trace-*.ndjson"
resource.tracer.maxbackups: 5
{{/if}}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The enable_request_tracer variable needs to be defined. Do it in the top level manifest.yml and make it default to false and not be shown to the user by default (so it will appear under "Advanced options").

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add it once to the top-level integration manifest, then it can be removed from each of the data stream manifests.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The definition of enable_request_tracer in the top level manifest still needs to have a default: false setting added.

@chrisberkhout
Copy link
Contributor

chrisberkhout commented Sep 20, 2024
edited
Loading

❌ Author of the following commits did not sign a Contributor Agreement: f943064, 2081cfd, c7d0b6a, 1b1fddd, 85f04eb, 2740521, 346f9a0, 2ef5cea, a84d705, de5f43a, b2565e3, b4c0ec1, 3db6cc6

Please, read and sign the above mentioned agreement if you want to contribute to this project

Please do this so we're able to merge when ready.

@efd6
Copy link
Contributor

efd6 commented Oct 17, 2024

@gauravneelwarna This PR cannot be reviewed until the CLA has been signed. From the list of commits shown by the CLA bot, there is a user called aniket-phapale. If this is you, please ensure that you have signed the CLA for that user as well. If it is not, please remove those commit from the change.

@gauravneelwarna
Copy link
Contributor Author

@gauravneelwarna This PR cannot be reviewed until the CLA has been signed. From the list of commits shown by the CLA bot, there is a user called aniket-phapale. If this is you, please ensure that you have signed the CLA for that user as well. If it is not, please remove those commit from the change.

@efd6 aniket-phapale and other 2 users signed CLA. Please confirm and let me know if you need copies of the individual agreements.

@chrisberkhout
Copy link
Contributor

@gauravneelwarna Did they sign via https://www.elastic.co/contributor-agreement?

We want to get this check to pass:

Screenshot From 2024-10-17 10-51-09

@gauravneelwarna
Copy link
Contributor Author

@gauravneelwarna Did they sign via https://www.elastic.co/contributor-agreement?

We want to get this check to pass:

Screenshot From 2024-10-17 10-51-09

yes

@chrisberkhout
Copy link
Contributor

/test

@gauravneelwarna
Copy link
Contributor Author

/test

chrisberkhout
chrisberkhout reviewed Oct 23, 2024
View reviewed changes
packages/checkpoint_harmony_endpoint/data_stream/antibot/manifest.yml
required: true
show_user: false
default:
- forwarded
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The diff above suggested to remove preserve_original_event and add forwarded, but preserve_original_event is still there. Please remove that also.

packages/checkpoint_harmony_endpoint/data_stream/antibot/agent/stream/antibot.yml.hbs Outdated
Comment on lines 2 to 5
{{#if enable_request_tracer}}
resource.tracer.filename: "../../logs/cel/http-request-trace-*.ndjson"
resource.tracer.maxbackups: 5
{{/if}}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The definition of enable_request_tracer in the top level manifest still needs to have a default: false setting added.

@chrisberkhout
Copy link
Contributor

/test

chrisberkhout
chrisberkhout reviewed Oct 23, 2024
View reviewed changes
@chrisberkhout
Copy link
Contributor

/test

@chrisberkhout
Copy link
Contributor

/test

@elastic-vault-github-plugin-prod
Copy link

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@elastic-sonarqube Elastic SonarQube
Copy link

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
91.7% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

@elasticmachine
Copy link

💚 Build Succeeded

History

cc @gauravneelwarna

chrisberkhout
chrisberkhout approved these changes Oct 25, 2024
View reviewed changes
Copy link
Contributor

@chrisberkhout chrisberkhout left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All review points addressed. Thanks! It looks good.

@chrisberkhout chrisberkhout merged commit 836ac57 into elastic:main Oct 25, 2024
5 checks passed
@elastic-vault-github-plugin-prod
Copy link

Package checkpoint_harmony_endpoint - 0.1.0 containing this change is available at https://epr.elastic.co/search?package=checkpoint_harmony_endpoint

@andrewkroh andrewkroh added Integration:checkpoint_harmony_endpoint Check Point Harmony Endpoint and removed needs CLA User must sign the Elastic Contributor License before review. labels Oct 28, 2024
harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 4, 2025
@gauravneelwarna @aniket-phapale @gitanjali-panhale
[Check Point Harmony Endpoint] New Integration (elastic#10780)
eea0fbc 
A new integration for Check Point Harmony Endpoint.

It uses the Check Point's Infinity Events API to get events related to
Harmony Endpoint.

The CEL program for each data stream is the same but each uses a
different filter to select particular types of events.

---------

Co-authored-by: aniket-phapale <aniket@GS-7038.GSLAB.COM>
Co-authored-by: gitanjali-panhale <gitanjali.panhale@gslab.com>
harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 5, 2025
@gauravneelwarna @aniket-phapale @gitanjali-panhale
[Check Point Harmony Endpoint] New Integration (elastic#10780)
18e9a97 
A new integration for Check Point Harmony Endpoint.

It uses the Check Point's Infinity Events API to get events related to
Harmony Endpoint.

The CEL program for each data stream is the same but each uses a
different filter to select particular types of events.

---------

Co-authored-by: aniket-phapale <aniket@GS-7038.GSLAB.COM>
Co-authored-by: gitanjali-panhale <gitanjali.panhale@gslab.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aniket-phapale aniket-phapale aniket-phapale left review comments

@gitanjali-panhale gitanjali-panhale gitanjali-panhale left review comments

@chrisberkhout chrisberkhout chrisberkhout approved these changes

Assignees

@gauravneelwarna gauravneelwarna

Labels
Integration:checkpoint_harmony_endpoint Check Point Harmony Endpoint New Integration Issue or pull request for creating a new integration package. Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[New Integration] Check Point Harmony Endpoint
7 participants
@gauravneelwarna @chrisberkhout @elasticmachine @efd6 @aniket-phapale @gitanjali-panhale @andrewkroh