Skip to content

Add Ingest Pipeline script to map IANA Protocol Numbers #2470

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Feb 11, 2022
Merged

Add Ingest Pipeline script to map IANA Protocol Numbers #2470

merged 9 commits into from
Feb 11, 2022

Conversation

legoguy1000
Copy link
Contributor

@legoguy1000 legoguy1000 commented Jan 5, 2022
edited
Loading

What does this PR do?

Adds an Ingest Pipeline script to multiple network based integrations to map IANA Protocol Numbers (1,6,17..) to their associated name (icmp, tcp, udp...)

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@elasticmachine
Copy link

elasticmachine commented Jan 5, 2022
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2022-02-10T05:19:19.387+0000

  • Duration: 42 min 6 sec

Test stats 🧪

Test Results
Failed 0
Passed 407
Skipped 0
Total 407

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@legoguy1000 legoguy1000 force-pushed the 2463-protocol-numbers branch from 787dc04 to 76816e0 Compare January 5, 2022 20:31
@efd6
Copy link
Contributor

efd6 commented Jan 5, 2022

/test

efd6
efd6 approved these changes Jan 5, 2022
View reviewed changes
@andrewkroh
Copy link
Member

I think a few more IANA numbers should be added to the list. This issue mentions several other values that show up frequently in the user's network (like SCTP).

@legoguy1000
Copy link
Contributor Author

I'll add them.

@legoguy1000
Copy link
Contributor Author

Updated script with additional IANA numbers.

andrewkroh
andrewkroh approved these changes Jan 7, 2022
View reviewed changes
Copy link
Member

@andrewkroh andrewkroh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

/test

@andrewkroh
Copy link
Member

/test

@legoguy1000 legoguy1000 force-pushed the 2463-protocol-numbers branch from c736d27 to 3dab1b7 Compare January 11, 2022 23:56
@elasticmachine
Copy link

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@legoguy1000 legoguy1000 force-pushed the 2463-protocol-numbers branch from 3dab1b7 to 1b10b82 Compare February 10, 2022 04:36
@andrewkroh andrewkroh merged commit f3abaa1 into elastic:main Feb 11, 2022
@andrewkroh andrewkroh added Integration:aws AWS Integration:checkpoint Check Point Integration:Fortinet (Deprecated) Use one of the specific fortinet_X labels. [Integration not found in source] Integration:crowdstrike CrowdStrike labels Feb 11, 2022
@andrewkroh andrewkroh added Integration:gcp Google Cloud Platform Integration:juniper_srx Juniper SRX labels Feb 11, 2022
This was referenced Feb 14, 2022
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@efd6 efd6 efd6 approved these changes

@andrewkroh andrewkroh andrewkroh approved these changes

Assignees
No one assigned
Labels
Integration:aws AWS Integration:checkpoint Check Point Integration:crowdstrike CrowdStrike Integration:Fortinet (Deprecated) Use one of the specific fortinet_X labels. [Integration not found in source] Integration:gcp Google Cloud Platform Integration:juniper_srx Juniper SRX
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Checkpoint | Map IANA Protocol Numbers
5 participants
@legoguy1000 @elasticmachine @efd6 @andrewkroh @jamiehynds