Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Elastic-ecs mapping improvements for network traffic attributes #1410

Merged
merged 61 commits into from
Apr 27, 2023
Merged

Elastic-ecs mapping improvements for network traffic attributes #1410

merged 61 commits into from
Apr 27, 2023

Conversation

Harmedox
Copy link
Contributor

@Harmedox Harmedox commented Mar 30, 2023
edited
Loading

This pull request addresses issues #1407, #1408, #1409, #1412.

Harmedox and others added 30 commits February 20, 2023 07:45
@Harmedox
consolidate network-traffic and x-ecs-network attributes
4e52ee3
@Harmedox
consolidate network-traffic and x-ecs-network attributes
65772c4
@Harmedox
consolidate network-traffic and x-ecs-network attributes
ca9ac4d
@Harmedox
add missing network.vlan attribute in elastic_ecs mapping
75fc74e
@Harmedox
add missing network.vlan attribute in elastic_ecs mapping
3982504
@Harmedox
add missing network.vlan attribute in elastic_ecs mapping
a841279
@Harmedox
combine inner vlan and vlan into a single custom object
9eb8031
@Harmedox
combine inner vlan and vlan into a single custom object
3264667
@Harmedox
combine inner vlan and vlan into a single custom object
9a20947
@Harmedox
consolidate the object reference for the network-traffic custom attri…
338ab75 
…butes in to_stix_map
@Harmedox
transfer network attribute changes to STIX 2.1
177fec1
@Harmedox
transfer network attribute changes to STIX 2.1
011fcba
@Harmedox
transfer network attribute changes to STIX 2.1
4b14606
@Harmedox
consolidate x-ecs-user attributes into user-account
6a8903e
@Harmedox
consolidate x-ecs-user attributes into user-account
c05e679
@Harmedox
consolidate x-ecs-user attributes into user-account
1162f48
@Harmedox
consolidate x-ecs-user attributes into user-account
902749a
@Harmedox
consolidate x-ecs-user attributes into user-account
9880a9c
@Harmedox
consolidate x-ecs-user attributes into user-account
3316347
@Harmedox
Merge branch 'opencybersecurityalliance:develop' into develop
1a9aad8
@Harmedox
update network object unit test
b825580
@Harmedox
WIP: represent the pe attributes in file SCO using software SCO
03e9b50
@Harmedox
refer to pe attributes in file object using the software SCO
1a94ee4
@Harmedox
refer to pe attributes in file object using the software SCO
498426c
@Harmedox
refer to pe attributes in file object using the software SCO
cc81195
@Harmedox
refer to pe attributes in file object using the software SCO in v2.1
ee05033
@Harmedox
refer to pe attributes in file object using the software SCO in v2.1
f1b2151
@Harmedox
refer to pe attributes in file object using the software SCO in v2.1
3b0c997
@Harmedox
remove tests for x_pe from the elastic_ecs_connector mapping
6cb1cde
@Harmedox
add software_ref test to replace the x_pe test in test_x_ecs_event
b1073ab
delliott90
delliott90 reviewed Apr 4, 2023
View reviewed changes
stix_shifter_modules/elastic_ecs/stix_translation/json/stix_2_1/to_stix_map.json Outdated
"geo": {
"city_name": {
"key": "x-ecs-client.geo_city_name",
"object": "client"
"key": "x-ecs-geo.city_name",
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if we should just create a generic custom geography object instead of tying it to ecs. Someone else is currently working on the mappings for the log analytics connector, and there is also a need there to capture geo information.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tend to agree. There was a comment to that effect too. We can have it mimic the properties of the Location SDO to achieve genericity and completeness.

mdazam1942
mdazam1942 reviewed Apr 10, 2023
View reviewed changes
Copy link
Member

@mdazam1942 mdazam1942 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you please update your fork while creating this pr? it shows 51 commits in the pr which suggest your fork branch is out of date.

@Harmedox Harmedox changed the base branch from develop to release/5.0.x April 10, 2023 21:02
@Harmedox Harmedox changed the base branch from release/5.0.x to develop April 10, 2023 21:02
@Harmedox
Copy link
Contributor Author

I just confirmed that my fork branch is up to date. However, it's still an error from my end as the PR is showing commits from #1378. The contribution for this PR starts from the 81d2a7a commit.

mdazam1942
mdazam1942 suggested changes Apr 26, 2023
View reviewed changes
Copy link
Member

@mdazam1942 mdazam1942 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Few unittests are failing.

@codecov
Copy link

codecov bot commented Apr 26, 2023
edited
Loading

Codecov Report

❗ No coverage uploaded for pull request base (develop@9f6160f). Click here to learn what that means.
Patch coverage: 100.00% of modified lines in pull request are covered.

❗ Current head 3dbc456 differs from pull request most recent head ff8cb3f. Consider uploading reports for the commit ff8cb3f to get more accurate results

Additional details and impacted files 
@@            Coverage Diff             @@
##             develop    #1410   +/-   ##
==========================================
  Coverage           ?   85.37%           
==========================================
  Files              ?      589           
  Lines              ?    44541           
  Branches           ?        0           
==========================================
  Hits               ?    38028           
  Misses             ?     6513           
  Partials           ?        0
Impacted Files Coverage Δ
...stix_translation/test_elastic_ecs_stix_to_query.py 97.76% <100.00%> (ø)

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

@delliott90 delliott90 merged commit cb03034 into opencybersecurityalliance:develop Apr 27, 2023
delliott90 pushed a commit that referenced this pull request May 3, 2023
@Harmedox @delliott90
Elastic-ecs mapping improvements for network traffic attributes (#1410)
a27e2f5
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mdazam1942 mdazam1942 mdazam1942 approved these changes

@delliott90 delliott90 delliott90 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Harmedox @delliott90 @mdazam1942