[nozomi_networks] Initial release of the Nozomi Networks #14192

janvi-elastic · 2025-06-10T09:52:14Z

Proposed commit message

The initial release includes an alert, asset, audit, health, node, node cve, session and variable data stream and associated dashboards and visualizations.

Nozomi Networks fields are mapped to their corresponding ECS fields where possible.

Test samples were derived from documentation.

Checklist

I have reviewed tips for building integrations and this pull request is aligned with them.
I have verified that all data streams collect metrics or logs.
I have added an entry to my package's changelog.yml file.
I have verified that Kibana version constraints are current according to guidelines.

How to test this PR locally

Clone integrations repo.
Install elastic package locally.
Start elastic stack using elastic-package.
Move to integrations/packages/nozomi_networks directory.
Run the following command to run tests.

elastic-package test

--- Test results for package: nozomi_networks - START ---
╭─────────────────┬─────────────┬───────────┬──────────────────────────────────────────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE         │ DATA STREAM │ TEST TYPE │ TEST NAME                                                                │ RESULT │ TIME ELAPSED │
├─────────────────┼─────────────┼───────────┼──────────────────────────────────────────────────────────────────────────┼────────┼──────────────┤
│ nozomi_networks │             │ asset     │ dashboard nozomi_networks-1b267947-931d-484b-bf52-52981e3c7a72 is loaded │ PASS   │        1.3µs │
│ nozomi_networks │             │ asset     │ dashboard nozomi_networks-445285cb-457b-426c-9e27-f5130213f4f0 is loaded │ PASS   │        263ns │
│ nozomi_networks │             │ asset     │ dashboard nozomi_networks-627fed53-e5a9-4d4b-844b-ab08b7ea4b6e is loaded │ PASS   │        220ns │
│ nozomi_networks │             │ asset     │ dashboard nozomi_networks-746a513f-0db6-4865-8752-9b8204476309 is loaded │ PASS   │        213ns │
│ nozomi_networks │             │ asset     │ dashboard nozomi_networks-a58e56a7-001f-4d72-b8f6-ab64f78ae4b9 is loaded │ PASS   │        262ns │
│ nozomi_networks │             │ asset     │ dashboard nozomi_networks-bbccdaca-9655-43d1-92d3-372b18416cfb is loaded │ PASS   │        246ns │
│ nozomi_networks │             │ asset     │ dashboard nozomi_networks-c6154d1b-776c-4052-876f-672dc30d4d9b is loaded │ PASS   │        277ns │
│ nozomi_networks │             │ asset     │ dashboard nozomi_networks-f899124c-9613-4c3d-9683-4eb6955fe6e1 is loaded │ PASS   │        389ns │
│ nozomi_networks │             │ asset     │ search nozomi_networks-19ad2e84-f2bc-4d1e-aa92-c77569d494dd is loaded    │ PASS   │        207ns │
│ nozomi_networks │             │ asset     │ search nozomi_networks-1c432ce9-4dac-4d29-8af0-753149442f93 is loaded    │ PASS   │        294ns │
│ nozomi_networks │             │ asset     │ search nozomi_networks-5c8641d5-86a3-4416-aa1c-e4ea411e3977 is loaded    │ PASS   │        219ns │
│ nozomi_networks │             │ asset     │ search nozomi_networks-6747716f-6b0f-4df5-a148-1ea4baaee099 is loaded    │ PASS   │        246ns │
│ nozomi_networks │             │ asset     │ search nozomi_networks-a4451c02-96b0-421c-b194-675320626f93 is loaded    │ PASS   │        337ns │
│ nozomi_networks │             │ asset     │ search nozomi_networks-c977f218-a7de-45c0-81ba-98b318209429 is loaded    │ PASS   │        261ns │
│ nozomi_networks │             │ asset     │ search nozomi_networks-e1375950-71d1-4edf-bdc7-c796424137c9 is loaded    │ PASS   │        283ns │
│ nozomi_networks │             │ asset     │ search nozomi_networks-f985cae2-2186-4c00-bbdd-a56da35740b4 is loaded    │ PASS   │        296ns │
│ nozomi_networks │ alert       │ asset     │ index_template logs-nozomi_networks.alert is loaded                      │ PASS   │        181ns │
│ nozomi_networks │ alert       │ asset     │ ingest_pipeline logs-nozomi_networks.alert-0.1.0 is loaded               │ PASS   │        111ns │
│ nozomi_networks │ asset       │ asset     │ index_template logs-nozomi_networks.asset is loaded                      │ PASS   │        147ns │
│ nozomi_networks │ asset       │ asset     │ ingest_pipeline logs-nozomi_networks.asset-0.1.0 is loaded               │ PASS   │         94ns │
│ nozomi_networks │ audit       │ asset     │ index_template logs-nozomi_networks.audit is loaded                      │ PASS   │        199ns │
│ nozomi_networks │ audit       │ asset     │ ingest_pipeline logs-nozomi_networks.audit-0.1.0 is loaded               │ PASS   │        135ns │
│ nozomi_networks │ health      │ asset     │ index_template logs-nozomi_networks.health is loaded                     │ PASS   │        193ns │
│ nozomi_networks │ health      │ asset     │ ingest_pipeline logs-nozomi_networks.health-0.1.0 is loaded              │ PASS   │        343ns │
│ nozomi_networks │ node        │ asset     │ index_template logs-nozomi_networks.node is loaded                       │ PASS   │        290ns │
│ nozomi_networks │ node        │ asset     │ ingest_pipeline logs-nozomi_networks.node-0.1.0 is loaded                │ PASS   │        142ns │
│ nozomi_networks │ node_cve    │ asset     │ index_template logs-nozomi_networks.node_cve is loaded                   │ PASS   │        266ns │
│ nozomi_networks │ node_cve    │ asset     │ ingest_pipeline logs-nozomi_networks.node_cve-0.1.0 is loaded            │ PASS   │        134ns │
│ nozomi_networks │ session     │ asset     │ index_template logs-nozomi_networks.session is loaded                    │ PASS   │        173ns │
│ nozomi_networks │ session     │ asset     │ ingest_pipeline logs-nozomi_networks.session-0.1.0 is loaded             │ PASS   │        218ns │
│ nozomi_networks │ variable    │ asset     │ index_template logs-nozomi_networks.variable is loaded                   │ PASS   │        214ns │
│ nozomi_networks │ variable    │ asset     │ ingest_pipeline logs-nozomi_networks.variable-0.1.0 is loaded            │ PASS   │        173ns │
╰─────────────────┴─────────────┴───────────┴──────────────────────────────────────────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: nozomi_networks - END   ---
Done
--- Test results for package: nozomi_networks - START ---
╭─────────────────┬─────────────┬───────────┬──────────────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE         │ DATA STREAM │ TEST TYPE │ TEST NAME                                    │ RESULT │ TIME ELAPSED │
├─────────────────┼─────────────┼───────────┼──────────────────────────────────────────────┼────────┼──────────────┤
│ nozomi_networks │ alert       │ pipeline  │ (ingest pipeline warnings test-alert.log)    │ PASS   │ 278.760629ms │
│ nozomi_networks │ alert       │ pipeline  │ test-alert.log                               │ PASS   │ 138.841804ms │
│ nozomi_networks │ asset       │ pipeline  │ (ingest pipeline warnings test-asset.log)    │ PASS   │ 289.170025ms │
│ nozomi_networks │ asset       │ pipeline  │ test-asset.log                               │ PASS   │ 152.618365ms │
│ nozomi_networks │ audit       │ pipeline  │ (ingest pipeline warnings test-audit.log)    │ PASS   │ 279.440899ms │
│ nozomi_networks │ audit       │ pipeline  │ test-audit.log                               │ PASS   │ 140.011518ms │
│ nozomi_networks │ health      │ pipeline  │ (ingest pipeline warnings test-health.log)   │ PASS   │ 298.169464ms │
│ nozomi_networks │ health      │ pipeline  │ test-health.log                              │ PASS   │ 100.293512ms │
│ nozomi_networks │ node        │ pipeline  │ (ingest pipeline warnings test-node.log)     │ PASS   │ 269.487823ms │
│ nozomi_networks │ node        │ pipeline  │ test-node.log                                │ PASS   │ 161.607014ms │
│ nozomi_networks │ node_cve    │ pipeline  │ (ingest pipeline warnings test-node-cve.log) │ PASS   │ 280.604096ms │
│ nozomi_networks │ node_cve    │ pipeline  │ test-node-cve.log                            │ PASS   │ 162.118496ms │
│ nozomi_networks │ session     │ pipeline  │ (ingest pipeline warnings test-session.log)  │ PASS   │ 291.457497ms │
│ nozomi_networks │ session     │ pipeline  │ test-session.log                             │ PASS   │ 141.843067ms │
│ nozomi_networks │ variable    │ pipeline  │ (ingest pipeline warnings test-variable.log) │ PASS   │ 324.354109ms │
│ nozomi_networks │ variable    │ pipeline  │ test-variable.log                            │ PASS   │ 109.064892ms │
╰─────────────────┴─────────────┴───────────┴──────────────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: nozomi_networks - END   ---
Done
--- Test results for package: nozomi_networks - START ---
╭─────────────────┬─────────────┬───────────┬──────────────────────────┬────────┬──────────────╮
│ PACKAGE         │ DATA STREAM │ TEST TYPE │ TEST NAME                │ RESULT │ TIME ELAPSED │
├─────────────────┼─────────────┼───────────┼──────────────────────────┼────────┼──────────────┤
│ nozomi_networks │ alert       │ static    │ Verify sample_event.json │ PASS   │ 124.802388ms │
│ nozomi_networks │ asset       │ static    │ Verify sample_event.json │ PASS   │ 128.843484ms │
│ nozomi_networks │ audit       │ static    │ Verify sample_event.json │ PASS   │ 119.640439ms │
│ nozomi_networks │ health      │ static    │ Verify sample_event.json │ PASS   │ 107.720316ms │
│ nozomi_networks │ node        │ static    │ Verify sample_event.json │ PASS   │ 129.066183ms │
│ nozomi_networks │ node_cve    │ static    │ Verify sample_event.json │ PASS   │ 118.109431ms │
│ nozomi_networks │ session     │ static    │ Verify sample_event.json │ PASS   │ 118.361272ms │
│ nozomi_networks │ variable    │ static    │ Verify sample_event.json │ PASS   │ 104.712795ms │
╰─────────────────┴─────────────┴───────────┴──────────────────────────┴────────┴──────────────╯
--- Test results for package: nozomi_networks - END   ---
Done
--- Test results for package: nozomi_networks - START ---
╭─────────────────┬─────────────┬───────────┬───────────┬────────┬───────────────╮
│ PACKAGE         │ DATA STREAM │ TEST TYPE │ TEST NAME │ RESULT │  TIME ELAPSED │
├─────────────────┼─────────────┼───────────┼───────────┼────────┼───────────────┤
│ nozomi_networks │ alert       │ system    │ common    │ PASS   │ 35.740940312s │
│ nozomi_networks │ asset       │ system    │ common    │ PASS   │ 40.345831969s │
│ nozomi_networks │ audit       │ system    │ common    │ PASS   │ 35.306105754s │
│ nozomi_networks │ health      │ system    │ common    │ PASS   │  39.12733361s │
│ nozomi_networks │ node        │ system    │ common    │ PASS   │ 38.357328733s │
│ nozomi_networks │ node_cve    │ system    │ common    │ PASS   │ 37.271393494s │
│ nozomi_networks │ session     │ system    │ common    │ PASS   │  39.24410909s │
│ nozomi_networks │ variable    │ system    │ common    │ PASS   │ 37.026970599s │
╰─────────────────┴─────────────┴───────────┴───────────┴────────┴───────────────╯
--- Test results for package: nozomi_networks - END   ---
Done

Related issues

Closes [New Integration] Nozomi Networks #13867

Screenshot

elastic-vault-github-plugin-prod · 2025-06-10T10:23:32Z

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

elasticmachine · 2025-06-10T11:46:11Z

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

kcreddy

I only checked alert and asset datastreams.

packages/nozomi_networks/_dev/deploy/docker/files/config.yml

packages/nozomi_networks/data_stream/alert/agent/stream/cel.yml.hbs

packages/nozomi_networks/data_stream/asset/_dev/test/pipeline/test-asset.log-expected.json

packages/nozomi_networks/manifest.yml

packages/nozomi_networks/data_stream/alert/agent/stream/cel.yml.hbs

packages/nozomi_networks/data_stream/asset/agent/stream/cel.yml.hbs

packages/nozomi_networks/data_stream/audit/agent/stream/cel.yml.hbs

packages/nozomi_networks/data_stream/node/agent/stream/cel.yml.hbs

packages/nozomi_networks/data_stream/node_cve/agent/stream/cel.yml.hbs

packages/nozomi_networks/data_stream/session/agent/stream/cel.yml.hbs

packages/nozomi_networks/data_stream/variable/agent/stream/cel.yml.hbs

efd6

LGTM but please wait for @kcreddy

packages/nozomi_networks/data_stream/alert/sample_event.json

kcreddy · 2025-06-17T10:14:39Z

packages/nozomi_networks/data_stream/alert/elasticsearch/ingest_pipeline/default.yml

+  - set:
+      field: event.severity
+      tag: set_event_severity_from_alert_severity
+      copy_from: nozomi_networks.alert.severity
+      ignore_empty_value: true


And we don’t have any official documentation to show the severity levels for this range.

If no docs, I suggest please reach out to Nozomi if you are in contact already to understand how we can correspond their 0-10 range into Elastic range.

Or document it as a known limitation (inside README) that event.severity isn't normalised as per Elastic Security Solution. This should be eventually fixed before making integration GA.

packages/nozomi_networks/data_stream/asset/_dev/test/pipeline/test-asset.log-expected.json

packages/nozomi_networks/data_stream/node_cve/sample_event.json

...ages/nozomi_networks/data_stream/node_cve/_dev/test/pipeline/test-node-cve.log-expected.json

packages/nozomi_networks/manifest.yml

kcreddy

LGTM mostly. Pending:

Recent doc updates: #14192 (comment)
event.severity normalisation: #14192 (comment)

kcreddy · 2025-06-20T05:56:55Z

packages/nozomi_networks/_dev/build/docs/README.md

Can you please check #14014 and conform the README to this latest standard as suggested by our docs team?
Take a look at proofpoint_itm or qualys_vmdr for example from the PR. They have similar README (agentless related) to this one.

Can you please update your README template too? cc: @piyush-elastic

…README documentation

elasticmachine · 2025-06-24T09:02:25Z

💚 Build Succeeded

Buildkite Build
Commit: 04d77d7

History

💚 Build #27382 succeeded a9164f5
💚 Build #27198 succeeded a728eea
💚 Build #27074 succeeded ef173e1

elastic-sonarqube · 2025-06-24T09:02:33Z

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
97.6% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

kcreddy

Thank you!

elastic-vault-github-plugin-prod · 2025-06-24T09:29:15Z

Package nozomi_networks - 0.1.0 containing this change is available at https://epr.elastic.co/package/nozomi_networks/0.1.0/

The initial release includes an alert, asset, audit, health, node, node cve, session and variable data stream and associated dashboards and visualizations. Nozomi Networks fields are mapped to their corresponding ECS fields where possible. Test samples were derived from documentation.

Initial release

4bda927

janvi-elastic requested a review from a team as a code owner June 10, 2025 09:52

Update changelog

ef173e1

kcreddy added New Integration Issue or pull request for creating a new integration package. Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] labels Jun 10, 2025

kcreddy added Crest Contributions from Crest developement team. dashboard Relates to a Kibana dashboard bug, enhancement, or modification. labels Jun 10, 2025

kcreddy reviewed Jun 11, 2025

View reviewed changes

efd6 reviewed Jun 11, 2025

View reviewed changes

Resolve review comments

a728eea

janvi-elastic requested review from kcreddy and efd6 June 16, 2025 05:40

efd6 approved these changes Jun 16, 2025

View reviewed changes

kcreddy reviewed Jun 17, 2025

View reviewed changes

Resolve review comments

a9164f5

kcreddy reviewed Jun 20, 2025

View reviewed changes

Normalise event.severity as per Elastic Security Solution and update …

04d77d7

…README documentation

kcreddy approved these changes Jun 24, 2025

View reviewed changes

kcreddy merged commit 691ea25 into elastic:main Jun 24, 2025
7 checks passed

andrewkroh added the Integration:nozomi_networks Nozomi Networks label Jun 24, 2025

andrewkroh added the documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. label Jul 1, 2025

[nozomi_networks] Initial release of the Nozomi Networks #14192

[nozomi_networks] Initial release of the Nozomi Networks #14192

Uh oh!

Conversation

janvi-elastic commented Jun 10, 2025

Proposed commit message

Checklist

How to test this PR locally

Related issues

Screenshot

Uh oh!

elastic-vault-github-plugin-prod bot commented Jun 10, 2025

🚀 Benchmarks report

Uh oh!

elasticmachine commented Jun 10, 2025

Uh oh!

kcreddy left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

efd6 left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

kcreddy Jun 17, 2025

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

kcreddy left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

kcreddy Jun 20, 2025

Choose a reason for hiding this comment

Uh oh!

elasticmachine commented Jun 24, 2025

💚 Build Succeeded

History

Uh oh!

elastic-sonarqube bot commented Jun 24, 2025

Quality Gate passed

Uh oh!

kcreddy left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

elastic-vault-github-plugin-prod bot commented Jun 24, 2025

Uh oh!

Uh oh!

kcreddy left a comment •

edited

Loading