Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Filebeat] MISP improvements #23070

Merged
merged 1 commit into from
Dec 14, 2020
Merged

Conversation

marc-gr
Copy link
Contributor

@marc-gr marc-gr commented Dec 10, 2020

What does this PR do?

  • Add id based on body uuid
  • Add pagination and cursor
  • Migrate to httpjson v2

Why is it important?

MISP current implementation was lacking pagination or state, making it a bit complicated to be used in production set ups. This changes take advantage of the new httpjson v2 features to improve the module.

Checklist

- [] My code follows the style guidelines of this project
- [ ] I have commented my code, particularly in hard-to-understand areas

  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

@marc-gr marc-gr added enhancement Filebeat Filebeat needs_backport PR is waiting to be backported to other branches. Team:Security-External Integrations labels Dec 10, 2020
@marc-gr marc-gr requested a review from a team December 10, 2020 15:25
@elasticmachine
Copy link
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@botelastic botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Dec 10, 2020
@marc-gr marc-gr force-pushed the migrate_misp_httpjsonv2 branch 2 times, most recently from 42c3563 to a9dcc1a Compare December 10, 2020 15:34
Copy link
Member

@P1llus P1llus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, as discussed before I think we need to move from UUID to using the fingerprint processor on the ID field instead to create a document id.

Maybe also we should set the http_timeout to 120s instead, as it might sometime include a very large amount of data.

@elasticmachine
Copy link
Collaborator

elasticmachine commented Dec 10, 2020

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview

Expand to view the summary

Build stats

  • Build Cause: Pull request #23070 updated

  • Start Time: 2020-12-14T08:58:13.877+0000

  • Duration: 43 min 23 sec

Test stats 🧪

Test Results
Failed 0
Passed 5096
Skipped 570
Total 5666

💚 Flaky test report

Tests succeeded.

Expand to view the summary

Test stats 🧪

Test Results
Failed 0
Passed 5096
Skipped 570
Total 5666

- Add id based on body uuid
- Add pagination and cursor
- Migrate to httpjson v2
@marc-gr marc-gr merged commit e0d654a into elastic:master Dec 14, 2020
@marc-gr marc-gr deleted the migrate_misp_httpjsonv2 branch December 14, 2020 10:14
@marc-gr marc-gr added v7.11.0 and removed needs_backport PR is waiting to be backported to other branches. labels Dec 14, 2020
marc-gr added a commit to marc-gr/beats that referenced this pull request Dec 14, 2020
- Add id based on body uuid
- Add pagination and cursor
- Migrate to httpjson v2

(cherry picked from commit e0d654a)
marc-gr added a commit that referenced this pull request Dec 14, 2020
- Add id based on body uuid
- Add pagination and cursor
- Migrate to httpjson v2

(cherry picked from commit e0d654a)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants