Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

SysmonForLinux | New integration to support Sysmon logs for Linux #4531

Merged
merged 10 commits into from
Dec 8, 2022
Merged

SysmonForLinux | New integration to support Sysmon logs for Linux #4531

merged 10 commits into from
Dec 8, 2022

Conversation

kcreddy
Copy link
Contributor

@kcreddy kcreddy commented Nov 2, 2022
edited
Loading

What does this PR do?

This new integration adds support for syslog from Sysmon events in Linux environments

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Related issues

@kcreddy kcreddy added the enhancement New feature or request label Nov 2, 2022
@elasticmachine
Copy link

elasticmachine commented Nov 2, 2022
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2022-12-08T10:53:55.940+0000

  • Duration: 14 min 22 sec

Test stats 🧪

Test Results
Failed 0
Passed 6
Skipped 0
Total 6

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@elasticmachine
Copy link

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@elasticmachine
Copy link

elasticmachine commented Nov 14, 2022
edited
Loading

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (1/1) 💚
Files 100.0% (1/1) 💚 2.927
Classes 100.0% (1/1) 💚 2.927
Methods 86.667% (13/15) 👎 -0.913
Lines 54.137% (530/979) 👎 -38.417
Conditionals 100.0% (0/0) 💚

@kcreddy kcreddy marked this pull request as ready for review November 14, 2022 14:43
@elasticmachine
Copy link

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

andrewkroh
andrewkroh reviewed Nov 14, 2022
View reviewed changes
Copy link
Member

@andrewkroh andrewkroh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just leaving some high level comments. I did not review the ingest node pipeline.

@andrewkroh andrewkroh added the Integration:sysmon_linux Sysmon for Linux label Nov 14, 2022
P1llus
P1llus reviewed Nov 15, 2022
View reviewed changes
Copy link
Member

@P1llus P1llus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Outside of some small things it seems good. Lets resolve Andrews comments first.

@kcreddy kcreddy self-assigned this Nov 16, 2022
@kcreddy kcreddy changed the title Sysmon | New integration to support Sysmon logs for Linux SysmonForLinux | New integration to support Sysmon logs for Linux Nov 16, 2022
@kcreddy kcreddy mentioned this pull request Dec 8, 2022
Closed
@kcreddy kcreddy merged commit 5c6167b into elastic:main Dec 8, 2022
@elasticmachine
Copy link

Package sysmon_linux - 0.1.0 containing this change is available at https://epr.elastic.co/search?package=sysmon_linux

@jamesspi
Copy link

jamesspi commented Dec 8, 2022

Great to see this come to life 🙌

@andrewkroh andrewkroh added the New Integration Issue or pull request for creating a new integration package. label Aug 13, 2024
@kcreddy kcreddy deleted the sysmon_linux branch February 7, 2025 08:37
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@P1llus P1llus P1llus left review comments

@andrewkroh andrewkroh andrewkroh approved these changes

Assignees

@kcreddy kcreddy

Labels
enhancement New feature or request Integration:sysmon_linux Sysmon for Linux New Integration Issue or pull request for creating a new integration package.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Sysmon for Linux
5 participants
@kcreddy @elasticmachine @jamesspi @andrewkroh @P1llus