
[proofpoint_itm] Initial release of Proofpoint ITM #13153


Merged: 5 commits, Mar 20, 2025

Conversation

muskan-agarwal26 (Contributor)

Proposed commit message

  • Added report data stream.
  • Added data collection logic for report data stream.
  • Added the ingest pipeline for report data streams.
  • Mapped fields according to the ECS schema and added Fields metadata in the appropriate yml files.
  • Added dashboard and visualizations.
  • Added test for pipeline for report data stream.
  • Added system test cases for report data stream.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices.

How to test this PR locally

  • Clone integrations repo.
  • Install elastic-package locally.
  • Start elastic stack using elastic-package.
  • Move to integrations/packages/proofpoint_itm directory.
  • Run the following command to run tests.

elastic-package test

--- Test results for package: proofpoint_itm - START ---
╭────────────────┬─────────────┬───────────┬─────────────────────────────────────────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE        │ DATA STREAM │ TEST TYPE │ TEST NAME                                                               │ RESULT │ TIME ELAPSED │
├────────────────┼─────────────┼───────────┼─────────────────────────────────────────────────────────────────────────┼────────┼──────────────┤
│ proofpoint_itm │             │ asset     │ dashboard proofpoint_itm-29f45960-20a5-4ca4-a40a-ad1504eb8138 is loaded │ PASS   │        1.2µs │
│ proofpoint_itm │ report      │ asset     │ index_template logs-proofpoint_itm.report is loaded                     │ PASS   │        283ns │
│ proofpoint_itm │ report      │ asset     │ ingest_pipeline logs-proofpoint_itm.report-0.1.0 is loaded              │ PASS   │         95ns │
╰────────────────┴─────────────┴───────────┴─────────────────────────────────────────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: proofpoint_itm - END   ---
Done
Run pipeline tests for the package
--- Test results for package: proofpoint_itm - START ---
╭────────────────┬─────────────┬───────────┬───────────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE        │ DATA STREAM │ TEST TYPE │ TEST NAME                                 │ RESULT │ TIME ELAPSED │
├────────────────┼─────────────┼───────────┼───────────────────────────────────────────┼────────┼──────────────┤
│ proofpoint_itm │ report      │ pipeline  │ (ingest pipeline warnings test-alert.log) │ PASS   │ 710.451542ms │
│ proofpoint_itm │ report      │ pipeline  │ test-alert.log                            │ PASS   │ 209.903776ms │
╰────────────────┴─────────────┴───────────┴───────────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: proofpoint_itm - END   ---
Done
Run policy tests for the package
--- Test results for package: proofpoint_itm - START ---
No test results
--- Test results for package: proofpoint_itm - END   ---
Done
Run static tests for the package
--- Test results for package: proofpoint_itm - START ---
╭────────────────┬─────────────┬───────────┬──────────────────────────┬────────┬──────────────╮
│ PACKAGE        │ DATA STREAM │ TEST TYPE │ TEST NAME                │ RESULT │ TIME ELAPSED │
├────────────────┼─────────────┼───────────┼──────────────────────────┼────────┼──────────────┤
│ proofpoint_itm │ report      │ static    │ Verify sample_event.json │ PASS   │ 189.061828ms │
╰────────────────┴─────────────┴───────────┴──────────────────────────┴────────┴──────────────╯
--- Test results for package: proofpoint_itm - END   ---
Done
Run system tests for the package
2025/03/18 12:46:18  INFO License text found in "/root/github/integrations/LICENSE.txt" will be included in package
2025/03/18 12:47:18  INFO Write container logs to file: /root/github/integrations/build/container-logs/proofpoint_itm-1742282238369280668.log
2025/03/18 12:47:29  INFO Write container logs to file: /root/github/integrations/build/container-logs/elastic-agent-1742282249272532443.log
--- Test results for package: proofpoint_itm - START ---
╭────────────────┬─────────────┬───────────┬───────────┬────────┬───────────────╮
│ PACKAGE        │ DATA STREAM │ TEST TYPE │ TEST NAME │ RESULT │  TIME ELAPSED │
├────────────────┼─────────────┼───────────┼───────────┼────────┼───────────────┤
│ proofpoint_itm │ report      │ system    │ default   │ PASS   │ 45.055908306s │
╰────────────────┴─────────────┴───────────┴───────────┴────────┴───────────────╯
--- Test results for package: proofpoint_itm - END   ---
Done

Screenshots: itm-1, itm-2

kcreddy (Contributor) commented Mar 18, 2025

/test

@kcreddy kcreddy added Crest Contributions from Crest development team. Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] labels Mar 18, 2025
elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@kcreddy kcreddy added New Integration Issue or pull request for creating a new integration package. dashboard Relates to a Kibana dashboard bug, enhancement, or modification. labels Mar 18, 2025
@elastic-vault-github-plugin-prod

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

Contributor (review comment):

This test only exercises a single API collection. We should make it collect at least two in order to test pagination.

Contributor Author (review comment):

Since we have only 2 query params, i.e., since and limit, we are unable to have a pagination call in the system test.

Contributor (review comment):

That's unfortunate. Can you confirm that it has been tested against a real endpoint then?

Contributor (review comment):

I'm not convinced that the situation here prevents that. If you have a risingValue timestamp that cannot be reasonably expected to exist, say "3025-03-01T12:00:00Z", then you can filter the request query on since starting with a 2 and have the second rule filter on starting with a 3.
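Added illustration of the two-rule approach described in the comment above; this is constructed example code, not code from this PR or the integration's mock-server configuration. A stand-in mock matches the since query parameter by its leading digit, and a simulated collector follows the cursor until it gets a short page; the rule format, the {"data": [...]} body shape and the cursor logic are assumptions.

```python
import json
import re

# Constructed stand-in for the mock server's rule set (rule format and body
# shape are assumptions, not the integration's real configuration). The first
# rule answers any real (2xxx) `since`; the second answers the impossible 3025
# cursor, so a collector that follows the cursor makes two distinct calls.
FAR_FUTURE = "3025-03-01T12:00:00Z"
MOCK_RULES = [
    {"since": r"^2", "data": [
        {"id": "evt-1", "timestamp": "2025-03-01T10:00:00Z"},
        {"id": "evt-2", "timestamp": FAR_FUTURE},  # becomes the next cursor
    ]},
    {"since": r"^3", "data": [
        {"id": "evt-3", "timestamp": "2025-03-01T11:00:00Z"},
    ]},
]


def mock_server(query):
    """Return the JSON body of the first rule whose `since` pattern matches."""
    for rule in MOCK_RULES:
        if re.match(rule["since"], query.get("since", "")):
            return json.dumps({"data": rule["data"]})
    return json.dumps({"data": []})


def collect(fetch, since, limit=2, max_calls=10):
    """Simulated collector: request pages from `since`, advancing the cursor to
    the newest timestamp seen, until a page comes back short or empty.
    max_calls caps a mock that keeps matching the same rule forever."""
    events, calls, cursor = [], 0, since
    while calls < max_calls:
        page = json.loads(fetch({"since": cursor, "limit": str(limit)}))["data"]
        calls += 1
        events.extend(page)
        # ISO-8601 UTC strings compare lexically; never move the cursor
        # backwards (evt-3 is older than the 3025 cursor it was fetched with).
        cursor = max([cursor] + [e["timestamp"] for e in page])
        if len(page) < limit:
            break
    return events, calls
```

Running collect(mock_server, "2025-01-01T00:00:00Z") yields two calls and three events, which is the second request the reviewer wants the system test to exercise.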

@muskan-agarwal26 muskan-agarwal26 requested a review from efd6 March 19, 2025 07:36
efd6 (Contributor) commented Mar 19, 2025

/test

efd6 (Contributor) commented Mar 20, 2025

/test

elasticmachine

💚 Build Succeeded

efd6 (Contributor) commented Mar 20, 2025

@muskan-agarwal26 Before merge, can you note where the test data input cases were obtained from? For both the system and pipeline tests.

Proposed commit message body:

Add report data stream including collection and ingest logic with mapping to
the ECS, and dashboard visualisations.

Pipeline and system tests added with test inputs coming from <TBD>.

with <TBD> to be added when known.

muskan-agarwal26 (Contributor Author) commented Mar 20, 2025

@efd6
Pipeline and system test data have been extracted from Splunk and sanitized to ensure data integrity.

@muskan-agarwal26 muskan-agarwal26 requested a review from efd6 March 20, 2025 09:36
@efd6 efd6 merged commit 6962257 into elastic:main Mar 20, 2025
7 checks passed
@elastic-vault-github-plugin-prod

Package proofpoint_itm - 0.1.0 containing this change is available at https://epr.elastic.co/package/proofpoint_itm/0.1.0/

flexitrev pushed a commit that referenced this pull request Mar 25, 2025
Add report data stream including collection and ingest logic with mapping to
the ECS, and dashboard visualisations.

Pipeline and system test data have been extracted from Splunk and sanitized to
ensure data integrity.
Labels
Crest Contributions from Crest development team. dashboard Relates to a Kibana dashboard bug, enhancement, or modification. Integration:proofpoint_itm Proofpoint ITM New Integration Issue or pull request for creating a new integration package. Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]