
[winlogbeat] Add support for sysmon v13 events 24 and 25 #24945

Merged
merged 2 commits into from
Apr 14, 2021

Conversation

marc-gr
Contributor

@marc-gr marc-gr commented Apr 6, 2021

What does this PR do?

Adds support for new Sysmon v13 events 24 and 25

Why is it important?

To support the latest Sysmon improvements.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • [ ] I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues

Closes #24217

@marc-gr marc-gr added enhancement needs_backport PR is waiting to be backported to other branches. Team:Security-External Integrations v7.13.0 needs_integration_sync Changes in this PR need synced to elastic/integrations. labels Apr 6, 2021
@marc-gr marc-gr requested a review from a team as a code owner April 6, 2021 11:33
@elasticmachine
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@botelastic botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Apr 6, 2021
@marc-gr marc-gr force-pushed the winlogbeat-sysmon-v13 branch 2 times, most recently from c5f9dc7 to 9681bd4 Compare April 6, 2021 11:38
@elasticmachine
Collaborator

elasticmachine commented Apr 6, 2021

💚 Build Succeeded


Build stats

  • Build Cause: Pull request #24945 updated

  • Start Time: 2021-04-14T07:24:15.652+0000

  • Duration: 37 min 57 sec

  • Commit: 0796acb

Test stats 🧪

Test Results
Failed 0
Passed 880
Skipped 0
Total 880


💚 Flaky test report

Tests succeeded.


@marc-gr marc-gr requested a review from andrewkroh April 8, 2021 08:29
@marc-gr marc-gr force-pushed the winlogbeat-sysmon-v13 branch 2 times, most recently from 85235d8 to 040e988 Compare April 13, 2021 13:30
@marc-gr marc-gr added backport-v7.13.0 Automated backport with mergify and removed needs_backport PR is waiting to be backported to other branches. labels Apr 13, 2021
@marc-gr marc-gr merged commit 97e9113 into elastic:master Apr 14, 2021
@marc-gr marc-gr deleted the winlogbeat-sysmon-v13 branch April 14, 2021 08:51
marc-gr added a commit that referenced this pull request Apr 14, 2021
* Add support for sysmon v13 events 24 and 25

* Remove category mapping for event 24

(cherry picked from commit 97e9113)
v1v added a commit to v1v/beats that referenced this pull request Apr 14, 2021
* upstream/master: (308 commits)
  [winlogbeat] Add support for sysmon v13 events 24 and 25 (elastic#24945)
  mergify: add backport label (elastic#25050)
  Add pod.ip in k8s metadata (elastic#25037)
  [elastic-agent] Use fleet.url for container cmd (elastic#25026)
  disable TestXPackEnabled flaky test in logstash metricbeat module (elastic#25034)
  Leverage leader election in agent k8s manifests (elastic#25016)
  libbeat/publisher/pipeline: expand monitoring (elastic#24700)
  libbeat: fix decode_json_fields config validation (elastic#24862)
  Remove make docs-preview instructions (elastic#25001)
  [Filebeat] Fix IPtables pipeline (elastic#24928)
  [DOCS] cd into correct directory before invoking mage. (elastic#17679)
  Add -buildmode=pie for supported platform (elastic#24964)
  Add agent's directory in k8s manifest generator (elastic#24987)
  [mergify] assign the original author (elastic#25007)
  Fix AWS module flaky tests (elastic#24852)
  [filebeat] Use fail_on_template_error on google_workspace and okta pagination (elastic#24967)
  Updated config to match defaults (elastic#25004)
  [Filebeat] Fix hardcoded amazonaws.com endpoint (elastic#24861)
  Add cloud.service.name to add_cloud_metadata (elastic#24993)
  [Ingest Manager] Expose processes and their metrics (elastic#24788)
  ...
marc-gr added a commit that referenced this pull request Apr 14, 2021
* Add support for sysmon v13 events 24 and 25

* Remove category mapping for event 24

(cherry picked from commit 97e9113)
marc-gr added a commit that referenced this pull request Apr 14, 2021
…5067)

* Add support for sysmon v13 events 24 and 25

* Remove category mapping for event 24

(cherry picked from commit 97e9113)

Co-authored-by: Marc Guasch <marc-gr@users.noreply.github.com>
Labels
backport-v7.13.0 Automated backport with mergify enhancement needs_integration_sync Changes in this PR need synced to elastic/integrations. v7.13.0
Development

Successfully merging this pull request may close these issues.

Update Sysmon module for v13.01 (EID 24 and 25)
4 participants