-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Filebeat] MISP improvements #23070
[Filebeat] MISP improvements #23070
Conversation
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
42c3563
to
a9dcc1a
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, as discussed before I think we need to move from UUID to using the fingerprint processor on the ID field instead to create a document id.
Maybe also we should set the http_timeout to 120s instead, as it might sometime include a very large amount of data.
- Add id based on body uuid - Add pagination and cursor - Migrate to httpjson v2
a9dcc1a
to
9f78035
Compare
- Add id based on body uuid - Add pagination and cursor - Migrate to httpjson v2 (cherry picked from commit e0d654a)
What does this PR do?
Why is it important?
MISP current implementation was lacking pagination or state, making it a bit complicated to be used in production set ups. This changes take advantage of the new httpjson v2 features to improve the module.
Checklist
- [] My code follows the style guidelines of this project- [ ] I have commented my code, particularly in hard-to-understand areasCHANGELOG.next.asciidoc
orCHANGELOG-developer.next.asciidoc
.