Adding Sysdig connector #1630
Merged
Adding Sysdig connector #1630
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Updating log analytics review comments. 1. Added transformer for converting int to float for latitude. 2.Updated TimestampConversion transformer to handle without milliseconds and added mappings for first and last observed. 3. Updated transformer to handle ConfidenceScore value is 'nan'.
This reverts commit 29d28d3.
Adding Sysdig connector
Enabled cert_verification only when self signed cert is passed
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## develop #1630 +/- ##
===========================================
+ Coverage 86.01% 86.19% +0.17%
===========================================
Files 572 582 +10
Lines 48733 49794 +1061
===========================================
+ Hits 41919 42920 +1001
- Misses 6814 6874 +60 ☔ View full report in Codecov by Sentry. |
mdazam1942
reviewed
Dec 13, 2023
stix_shifter_modules/sysdig/stix_translation/json/to_stix_map.json
Outdated
Show resolved
Hide resolved
pod name added
changes are below: 1. x_ancestor_names combined as list and moved to x_parent_names under parent process 2. x_pcmdline is moved to command_line of parent process.
mdazam1942
reviewed
Jan 4, 2024
mdazam1942
reviewed
Jan 4, 2024
mdazam1942
reviewed
Jan 4, 2024
Added connector name in logger messages. Documentation reference mentioned in the doc string. x_direction field is removed.
Converting severity 1-100 value to data source allowed severity range 0-7 in query constructor.
mdazam1942
approved these changes
Jan 11, 2024
mdazam1942
merged commit e8066a4
into
opencybersecurityalliance:develop
5 checks passed
DerekRushton
pushed a commit
that referenced
this pull request
Jan 16, 2024
DerekRushton
added a commit
that referenced
this pull request
Jul 22, 2024
* CP4S-39527 Initial Translation Code - Draft * Tanium Threat Response * Fix Azure log analytics results translation. (#1612) Updating azure log analytics review comments. 1. Added transformer for converting int to float for latitude. 2.Updated TimestampConversion transformer to handle without milliseconds and added mappings for first and last observed. 3. Updated transformer to handle ConfidenceScore value is 'nan'. * Bump aioboto3 from 11.3.1 to 12.0.0 in /stix_shifter (#1611) Bumps [aioboto3](https://github.com/terrycain/aioboto3) from 11.3.1 to 12.0.0. - [Changelog](https://github.com/terrycain/aioboto3/blob/main/CHANGELOG.rst) - [Commits](terricain/aioboto3@v11.3.1...v12.0.0) --- updated-dependencies: - dependency-name: aioboto3 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump pyopenssl from 23.2.0 to 23.3.0 in /stix_shifter (#1610) Bumps [pyopenssl](https://github.com/pyca/pyopenssl) from 23.2.0 to 23.3.0. - [Changelog](https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst) - [Commits](pyca/pyopenssl@23.2.0...23.3.0) --- updated-dependencies: - dependency-name: pyopenssl dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * table of mapping script update for to-stix dialects (#1609) * Bump azure-identity from 1.14.1 to 1.15.0 in /stix_shifter (#1614) Bumps [azure-identity](https://github.com/Azure/azure-sdk-for-python) from 1.14.1 to 1.15.0. - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Changelog](https://github.com/Azure/azure-sdk-for-python/blob/main/doc/esrp_release.md) - [Commits](Azure/azure-sdk-for-python@azure-identity_1.14.1...azure-identity_1.15.0) --- updated-dependencies: - dependency-name: azure-identity dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump flatten-json from 0.1.13 to 0.1.14 in /stix_shifter (#1613) Bumps [flatten-json](https://github.com/amirziai/flatten) from 0.1.13 to 0.1.14. - [Release notes](https://github.com/amirziai/flatten/releases) - [Commits](https://github.com/amirziai/flatten/commits) --- updated-dependencies: - dependency-name: flatten-json dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update CHANGELOG.md for 6.3.0 * Cisco secure email added readme detailed file. (#1615) * Added tested communication code for Tanium * Added suggestions from Azam. * Fix parameter assignment in error handling function (#1616) * Remove future timestamp qualifier conditions (#1619) * Make sure certificate is verified when required by RestApiClientAsync (#1620) Deprecates selfSignedCert: false bypasss * Update CHANGELOG.md for 7.0.0 * add email-message translation to ecs (#1621) * Update group_ref keyword documenation (#1622) * Initial To Stix mapping - Event and Transformers * Another temporary commit to hold x-oca-event form * Finished up the to_stix mapping + test. * Removed additional event data. * Fixing the unittest failure * Another Attempt * Added the missing fields to the Tanium API response and request. * Updated toStix and fromStix * Update CHANGELOG.md for 7.0.1 * second half of email.* mapping for elastic_ecs (#1632) * Sysdig connector (#1630) * Update machine ID field in QRadar module (#1634) Co-authored-by: Kane Brennan <Kane.Brennan@ibm.com> * Sysdig Connector - Formatting issue in sysdig_supported_stix.md file corrected (#1635) * Added the readme (WIP) * Undid an unintended change. * Another Attempt to undo the change. * Removing one more unintended change. * One more unintended change. * Updated the sample for the unit test. * Azam's suggestions. * Cleaned out the testing code I had left. * Clean-up - Fixed up the readme. * Added Azam's suggestions * Cleaned the Json so it's standardized. * Removed the total size from the meta data as it's not needed. * Cleaning up some comments+fixed observation queries. Signed-off-by: DerekRushton <derek.rushton1@ibm.com> * Making the config values consistent. Signed-off-by: DerekRushton <derek.rushton1@ibm.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: DerekRushton <derek.rushton1@ibm.com> Co-authored-by: thangaraj-ramesh <92723742+thangaraj-ramesh@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Danny Elliott <danny.elliott@ibm.com> Co-authored-by: Md Azam <mdazam@ca.ibm.com> Co-authored-by: Xiaokui Shu <subbyte@gmail.com> Co-authored-by: Alex-Kidston <113187177+Alex-Kidston@users.noreply.github.com> Co-authored-by: Kane Brennan <Kane.Brennan@ibm.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.