Skip to content

github: Add latest transforms for issues, dependabot, code_scanning, and secret_scanning alerts #11518

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 12 commits into from
Oct 30, 2024
Merged

github: Add latest transforms for issues, dependabot, code_scanning, and secret_scanning alerts #11518

merged 12 commits into from
Oct 30, 2024

Conversation

kcreddy
Copy link
Contributor

@kcreddy kcreddy commented Oct 25, 2024
edited
Loading

Proposed commit message

Add latest transforms for issues, dependabot, code_scanning, and secret_scanning alerts.

With the latest transform, the latest state of each event
is saved inside the destination indices. The dashboards are also updated to
the new destination indices. Hence, the dashboards no longer show
inconsistencies with events (same event in 2 states).

Other changes:

  • Update fields inside fingerprint processor in code_scanning, secret_scanning,
    and dependabot to ingest all event updates.
  • Reformat fields to add package-fields.yml across all datastreams.
  • Remove github.state, github.severity due to inconsistency across datastreams.
    Update dashboards to use corresponding datastream-level fields instead.
  • Remove event.action field from code_scanning, secret_scanning, dependabot,
    and issues as it is redundant. Update dashboards to use data_stream.dataset instead.
  • Add navigation to all dashboards.
  • Upgrade legacy visualization to latest for code_scanning, secret_scanning, dependabot,
    and issues.
  • Change dashboards to point to destination index for issues, dependabot, code_scanning,
    and secret_scanning alerts.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • [] I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

How to test this PR locally

Related issues

Screenshots

Before
Screenshot 2024-10-15 at 3 24 56 PM

After
Screenshot 2024-10-28 at 6 58 30 PM

Dashboards updated

Screenshot 2024-10-28 at 5 38 49 PM Screenshot 2024-10-28 at 12 32 19 PM

@kcreddy kcreddy changed the title github: Add latest transform for secret scanning github: Add latest transform for secret scanning alerts Oct 25, 2024
@kcreddy kcreddy changed the title github: Add latest transform for secret scanning alerts github: Add latest transforms for github issues, dependabot, code_scanning, and secret_scanning alerts Oct 28, 2024
@kcreddy kcreddy changed the title github: Add latest transforms for github issues, dependabot, code_scanning, and secret_scanning alerts github: Add latest transforms for issues, dependabot, code_scanning, and secret_scanning alerts Oct 28, 2024
@kcreddy kcreddy added enhancement New feature or request breaking change Integration:github GitHub Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] dashboard Relates to a Kibana dashboard bug, enhancement, or modification. labels Oct 28, 2024
@kcreddy kcreddy self-assigned this Oct 28, 2024
@kcreddy kcreddy marked this pull request as ready for review October 28, 2024 13:25
@kcreddy kcreddy requested a review from a team as a code owner October 28, 2024 13:25
@elasticmachine
Copy link

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 28, 2024
View reviewed changes
efd6
efd6 reviewed Oct 28, 2024
View reviewed changes
packages/github/data_stream/secret_scanning/elasticsearch/ingest_pipeline/default.yml Outdated
Comment on lines 7 to 12
- set:
field: event.kind
value: alert
- set:
field: event.action
value: "secret_scanning"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are these something that could be a constant_keyword (similar for the other data streams)?

Copy link
Contributor Author

@kcreddy kcreddy Oct 30, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, let me do that. Also, setting datastream name to event.action doesn't make much sense. I will remove this field altogether. There are few dashboards still using event.action to filter on datastream. I will have to update them to data_stream.dataset.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressed in 54a4fed.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated commit message and added changelog entry for the same.

@elastic-vault-github-plugin-prod
Copy link

🚀 Benchmarks report

Package github 👍(2) 💚(0) 💔(3)

Expand to view
Data stream Previous EPS New EPS Diff (%) Result
dependabot 5025.13 4237.29 -787.84 (-15.68%) 💔
issues 5347.59 3906.25 -1441.34 (-26.95%) 💔
secret_scanning 11494.25 9615.38 -1878.87 (-16.35%) 💔

To see the full report comment with /test benchmark fullreport

@elasticmachine
Copy link

💚 Build Succeeded

History

cc @kcreddy

@elastic-sonarqube Elastic SonarQube
Copy link

Quality Gate failed Quality Gate failed

Failed conditions
1 New issue

See analysis details on SonarQube

Catch issues before they fail your Quality Gate with our IDE extension SonarLint SonarLint

@kcreddy kcreddy requested a review from efd6 October 30, 2024 03:45
efd6
efd6 approved these changes Oct 30, 2024
View reviewed changes
packages/github/kibana/dashboard/github-591d69e0-17b6-11ed-809a-7b4be950fe9c.json
"id": "",
"params": {
"fontSize": 12,
"markdown": "**Navigation**\n\n**Github** \n\n- **Audit**\n - [Audit Log Activity](#/dashboard/github-dcee84c0-2059-11ec-8b10-11a4c5e322a0)\n - [User Change Audit](#/dashboard/github-8bfd8310-205c-11ec-8b10-11a4c5e322a0)\n- **Github Advanced Security**\n - [Advanced Security Overview](#/dashboard/github-6a6d7c40-17ab-11ed-809a-7b4be950fe9c)\n - [Code Scanning](#/dashboard/github-4da91aa0-12fc-11ed-af77-016e1a977d80)\n - [**Secret Scanning (This Page)**](#/dashboard/github-591d69e0-17b6-11ed-809a-7b4be950fe9c)\n - [Dependabot](#/dashboard/github-6197be80-220c-11ed-88c4-e3caca48250a)\n- [Issues](#/dashboard/github-f0104680-ae18-11ed-83fa-df5d96a45724)\n\n**Overview**\nThis dashboard provides an overview of the events ingested from Github.\n\nThe dashboard provides details on secret scanning alerts that are open and resolved. It deep-dives into the top 10 repositories where secret scanning alerts are found. It also calculates the mean-time to resolve (or dismiss) an open secret scanning alert. The dashboard presents a view of the type of secrets that are currently open. Finally, it gives a layout of top users resolving the secret scanning alerts.\n\n[**Integrations Page**](/app/integrations/detail/github/overview)",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just want to raise this issue here. I plan to raise it internally, so we can discuss then.

@kcreddy kcreddy merged commit 881c579 into elastic:main Oct 30, 2024
4 of 5 checks passed
@elastic-vault-github-plugin-prod
Copy link

Package github - 2.0.0 containing this change is available at https://epr.elastic.co/search?package=github

@kcreddy kcreddy mentioned this pull request Oct 30, 2024
Merged
4 tasks
harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 4, 2025
@kcreddy
github: Add latest transforms for issues, dependabot, code_scanning, …
60f0de2 
…and secret_scanning alerts (elastic#11518)

Add latest transforms for issues, dependabot, code_scanning, and secret_scanning alerts.

With the latest transform, the latest state of each event
is saved inside the destination indices. The dashboards are also updated to 
the new destination indices. Hence, the dashboards no longer show 
inconsistencies with events (same event in 2 states).

Other changes:
- Update fields inside fingerprint processor in code_scanning, secret_scanning, 
  and dependabot to ingest all event updates.
- Reformat fields to add package-fields.yml across all datastreams.
- Remove github.state, github.severity due to inconsistency across datastreams. 
  Update dashboards to use corresponding datastream-level fields instead.
- Remove event.action field from code_scanning, secret_scanning, dependabot, 
  and issues as it is redundant. Update dashboards to use `data_stream.dataset` instead.
- Add navigation to all dashboards. 
- Upgrade legacy visualization to latest for code_scanning, secret_scanning, dependabot, 
  and issues.
- Change dashboards to point to destination index for issues, dependabot, code_scanning, 
  and secret_scanning alerts.
harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 5, 2025
@kcreddy
github: Add latest transforms for issues, dependabot, code_scanning, …
45afe65 
…and secret_scanning alerts (elastic#11518)

Add latest transforms for issues, dependabot, code_scanning, and secret_scanning alerts.

With the latest transform, the latest state of each event
is saved inside the destination indices. The dashboards are also updated to 
the new destination indices. Hence, the dashboards no longer show 
inconsistencies with events (same event in 2 states).

Other changes:
- Update fields inside fingerprint processor in code_scanning, secret_scanning, 
  and dependabot to ingest all event updates.
- Reformat fields to add package-fields.yml across all datastreams.
- Remove github.state, github.severity due to inconsistency across datastreams. 
  Update dashboards to use corresponding datastream-level fields instead.
- Remove event.action field from code_scanning, secret_scanning, dependabot, 
  and issues as it is redundant. Update dashboards to use `data_stream.dataset` instead.
- Add navigation to all dashboards. 
- Upgrade legacy visualization to latest for code_scanning, secret_scanning, dependabot, 
  and issues.
- Change dashboards to point to destination index for issues, dependabot, code_scanning, 
  and secret_scanning alerts.
@kcreddy kcreddy deleted the github-updates branch February 7, 2025 09:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@efd6 efd6 efd6 approved these changes

Assignees

@kcreddy kcreddy

Labels
breaking change dashboard Relates to a Kibana dashboard bug, enhancement, or modification. enhancement New feature or request Integration:github GitHub Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]
Projects
None yet
Milestone
No milestone
3 participants
@kcreddy @elasticmachine @efd6