
increase clarity of agent policies for EA packages #12168

Merged Jan 16, 2025

@jmcarlock (Contributor) commented Dec 19, 2024

Proposed commit message

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs. This package does not use data streams.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices (No dashboards added)

How to test this PR locally

Small documentation changes only, tested with ep build.

Related issues

@jmcarlock added the enhancement (New feature or request) label Dec 19, 2024
@andrewkroh added the Integration:beaconing (Network Beaconing Identification) and Integration:dga (Domain Generation Algorithm Detection) labels Dec 19, 2024
@jmcarlock changed the title from "changes for DGA" to "increase clarity of agent policies for EA packages" Dec 19, 2024
@andrewkroh added the Integration:ded (Data Exfiltration Detection), Integration:lmd (Lateral Movement Detection) and Integration:problemchild (Living off the Land Attack Detection) labels Dec 19, 2024
@jmcarlock marked this pull request as ready for review December 19, 2024 21:20
@jmcarlock requested review from a team as code owners December 19, 2024 21:20
@jmcarlock requested a review from a team December 19, 2024 21:20
@andrewkroh added the Team:Security-Applied ML (Elastic Security Protections Machine Learning (ML) team [elastic/sec-applied-ml]) label Dec 19, 2024
@pantea-elastic left a comment

LGTM

@jmcarlock
Contributor Author

@elastic/ml-ui We are currently blocked from merging due to the failing buildkite build, however we don't have access to try rerunning the pipeline. Can you assist?

@alvarezmelissa87
Contributor

> @elastic/ml-ui We are currently blocked from merging due to the failing buildkite build, however we don't have access to try rerunning the pipeline. Can you assist?

Hi! Looks like this failure is coming from the beaconing package - I'm not sure we have context on that one. Looking at the Kibana logs I'm seeing a lot of these failures:
[image]

Looks like the test might need to be updated to ensure that the expected pipeline is created if it is supposed to be.
Maybe someone from integrations who's worked on that package more recently would have more context. cc @sodhikirti07

Please feel free to reach out if you're still struggling on this in the next few days - thank you!

@jmcarlock
Contributor Author

@alvarezmelissa87 Thank you! We were able to fix the build issue for beaconing, but before merging needed to resolve recent changes from main. It looks like the same file failed to download a few times due to a hash mismatch. Can you assist? We are unable to retry the build.

[image: Screenshot 2025-01-06 at 3 41 04 PM]

@elasticmachine

💚 Build Succeeded

History

  • 💔 Build #20064 failed c5339724f3cad89047c1ecc21fecb4e657c27e81
  • 💚 Build #20058 succeeded b74b69302b34926295d26728edca9f2a35108a7f
  • 💔 Build #19735 failed 6e6267afa090780523e1ebbfddb0c7a0d14598aa

@jmcarlock
Contributor Author

@alvarezmelissa87 Rerunning the Buildkite pipeline solved the issue, I pushed a small change to trigger it.

@jmcarlock merged commit aa79eb5 into main Jan 16, 2025
5 checks passed
@jmcarlock deleted the ea-packages-improve-agent-policy-docs branch January 16, 2025 15:05
@elastic-vault-github-plugin-prod

Package beaconing - 1.2.3 containing this change is available at https://epr.elastic.co/package/beaconing/1.2.3/

@elastic-vault-github-plugin-prod

Package ded - 2.2.1 containing this change is available at https://epr.elastic.co/package/ded/2.2.1/

@elastic-vault-github-plugin-prod

Package dga - 2.1.1 containing this change is available at https://epr.elastic.co/package/dga/2.1.1/

@elastic-vault-github-plugin-prod

Package lmd - 2.1.5 containing this change is available at https://epr.elastic.co/package/lmd/2.1.5/

@elastic-vault-github-plugin-prod

Package problemchild - 2.2.1 containing this change is available at https://epr.elastic.co/package/problemchild/2.2.1/

harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 4, 2025
* changes for DGA

* add pr number for DGA changelog

* make changes for beaconing

* make changes for ded

* add changes for lmd

* add changes for lotl detection

* bump transform version

* change description
harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 5, 2025
* changes for DGA

* add pr number for DGA changelog

* make changes for beaconing

* make changes for ded

* add changes for lmd

* add changes for lotl detection

* bump transform version

* change description