Security Integrations GA #5033

Closed
jamiehynds opened this issue Jan 18, 2023 · 5 comments · Fixed by #5677

@jamiehynds

jamiehynds commented Jan 18, 2023

We have a number of integrations under Tech Preview/Beta which need to be moved to GA for 8.7. These integrations have been tested against the relevant data sources and have seen users adopt them without issues.

  • Barracuda CloudGen
  • Box Events
  • Cisco Aironet*
  • Cisco Umbrella (Datastream is tech preview)
  • Cloudflare Logpush
  • Cyberark PTA
  • Darktrace
  • F5 BIG-IP
  • Github (Datastreams are beta/tech preview. Leave Issues datastream in Beta)
  • Infoblox BloxOne DDI
  • Jamf Compliance Reporter
  • LastPass
  • Microsoft Exchange Message Trace
  • PingOne
  • Rapid7 Threat Command
  • Slack Logs*
  • Sophos Central
  • Trend Micro Vision One
  • Journald Input

*Community developed

@elasticmachine

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@kcreddy
Contributor

kcreddy commented Mar 8, 2023

@jamiehynds Sysmon for Linux requires more system tests before we can GA. Here's the tracking issue: #4784

  • Sysmon for Linux
    • System tests
    • Dashboard
    • Documentation

@jamiehynds
Author

Thanks @kcreddy - removed from the list of integrations to GA.

@ShourieG
Contributor

ShourieG commented Mar 23, 2023

@jamiehynds these were my findings for all the inputs listed:

  • Barracuda CloudGen Firewall

    • System tests
    • Dashboard
    • Documentation (Could be improved)
    • Current Version - 0.3.1
  • Box Events

    • System tests
    • Dashboard
    • Documentation
    • Current Version - 0.4.1 (beta)
  • Cisco Aironet*

    • System tests
    • Dashboard
    • Documentation (Very minimal, needs to be improved)
    • Current Version - 0.3.1
  • Cisco Umbrella (Datastream is tech preview)

    • System tests (no system tests)
    • Dashboard
    • Documentation (Very minimal, needs to be improved)
    • Current Version - "1.6.2"
  • Cloudflare Logpush (needs a bit of UI overhaul for the SQS queues)

    • System tests
    • Dashboard
    • Documentation
    • Current Version - 0.6.0
  • Cyberark PTA

    • System tests
    • Dashboard
    • Documentation
    • Current Version - 0.4.1
  • Darktrace

    • System tests
    • Dashboard
    • Documentation
    • Current Version - 0.3.1
  • F5 BIG-IP

    • System tests
    • Dashboard
    • Documentation
    • Current Version - 0.1.0
  • Github (Datastreams are beta/tech preview. Leave Issues datastream in Beta)

    • System tests
    • Dashboard
    • Documentation
    • Current Version - 1.8.2
  • Infoblox BloxOne DDI

    • System tests
    • Dashboard
    • Documentation
    • Current Version - 0.3.1
  • Jamf Compliance Reporter

    • System tests
    • Dashboard
    • Documentation
    • Current Version - 0.5.0
  • LastPass

    • System tests
    • Dashboard
    • Documentation
    • Current Version - 0.3.1
  • Microsoft Exchange Online Message Trace

    • System tests
    • Dashboard
    • Documentation
    • Current Version - 0.4.1
  • PingOne

    • System tests
    • Dashboard
    • Documentation
    • Current Version - 0.3.1
  • Ti Rapid7 Threat Command

    • System tests
    • Dashboard
    • Documentation
    • Current Version - 0.1.0
  • Slack Logs*

    • System tests
    • Dashboard
    • Documentation
    • Current Version - 0.3.0
  • Sophos Central

    • System tests
    • Dashboard
    • Documentation
    • Current Version - 0.1.0
  • Trend Micro Vision One

    • System tests
    • Dashboard
    • Documentation
    • Current Version - 0.3.1
  • Journald Input

    • System tests - but no pipeline tests
    • Dashboard
    • Documentation (minimal)
    • Current Version - 0.0.5

Do we want to continue with all the integrations or remove ones without dashboards/system tests?
cc: @narph

@jamiehynds
Author

Thanks for digging into this one @ShourieG. My preference is to proceed to GA as these integrations have been around for several releases and should be supported. We'll add any missing dashboards as part of the wider task of adding/updating Lens dashboards to our integrations. Can create separate issues to add any missing system tests, documentation, etc.
