[abnormal_security] Add Support for Not Analyzed Messages in Abuse Mailbox #13000

Closed
cpascale43 opened this issue Mar 6, 2025 · 1 comment · Fixed by #13483
Labels: enhancement (New feature or request), Integration:abnormal_security, Team:Security-Service Integrations (elastic/security-service-integrations)

Comments

@cpascale43

Description

The integration currently captures abuse campaigns but does not include messages that were not analyzed. Customers have requested support for the /abuse_mailbox/not_analyzed endpoint to include these messages.

Proposed Solution

  • Create a separate data stream for not analyzed messages.
  • Implement API calls to the /v1/abuse_mailbox/not_analyzed endpoint to fetch details of messages that were not analyzed.
  • Map the response fields to ensure compatibility with existing data streams.

API Reference

Additional Notes

  • The structure of not analyzed messages is different from abuse campaigns, so a separate data stream is necessary.
  • The implementation is estimated to be straightforward (XS to S complexity).
@cpascale43 cpascale43 added Integration:abnormal_security Abnormal Security Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] labels Mar 6, 2025
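The sketch below is an added illustration of the proposed solution (a paginated fetch of the not-analyzed endpoint plus a mapper that feeds a separate data stream); it is not code from the elastic/integrations repository or from Abnormal Security. Only the endpoint path `/v1/abuse_mailbox/not_analyzed` comes from the issue; the pagination parameters (`pageSize`, `pageNumber`, `nextPageNumber`), the `messages` envelope, the record field names and the data stream name are assumptions, and the sample pages are constructed.

```python
"""Fetch and normalise Abnormal Security "not analyzed" abuse-mailbox messages.

Added illustration for this issue, not code from the elastic integrations
repository.  Everything except the endpoint path is an assumption: the
pagination parameters (pageSize/pageNumber/nextPageNumber), the response
envelope ("messages"), the record field names and the data stream name.
"""
import json
import urllib.parse
import urllib.request
from typing import Callable, List, Optional

NOT_ANALYZED_ENDPOINT = "/v1/abuse_mailbox/not_analyzed"   # endpoint named in the issue
DATASET = "abnormal_security.abuse_mailbox_not_analyzed"    # assumed data stream name


def _default_http_get(url: str, token: str) -> dict:
    """Real transport: GET the URL with a bearer token and decode the JSON body."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def fetch_not_analyzed(base_url: str, token: str,
                       http_get: Callable[[str, str], dict] = _default_http_get,
                       page_size: int = 100, max_pages: int = 1000) -> List[dict]:
    """Walk every page of the endpoint and return the raw message records.

    The pageNumber/nextPageNumber pagination shape is assumed for the example.
    max_pages bounds the loop so a misbehaving API cannot spin the collector forever.
    """
    records: List[dict] = []
    page: Optional[int] = 1
    for _ in range(max_pages):
        if page is None:            # no nextPageNumber in the last response: done
            break
        query = urllib.parse.urlencode({"pageSize": page_size, "pageNumber": page})
        body = http_get(f"{base_url}{NOT_ANALYZED_ENDPOINT}?{query}", token)
        records.extend(body.get("messages", []))
        page = body.get("nextPageNumber")
    return records


def map_not_analyzed(record: dict) -> dict:
    """Map one raw record into a flat event for the separate data stream.

    Because the structure differs from abuse campaigns (the issue's reason for a
    separate stream), the original record is kept whole under its own namespace
    rather than squeezed into the campaign fields; a few common fields are lifted
    into ECS-style locations.  All source field names here are assumed.
    """
    return {
        "@timestamp": record.get("reportedTime"),
        "event": {"dataset": DATASET, "kind": "event", "category": ["email"]},
        "email": {
            "subject": record.get("subject"),
            "from": {"address": [record["fromAddress"]] if record.get("fromAddress") else []},
            "to": {"address": [record["toAddress"]] if record.get("toAddress") else []},
        },
        "abnormal_security": {"abuse_mailbox": {"not_analyzed": record}},
    }


# Constructed sample pages standing in for the API so the example runs offline.
SAMPLE_PAGES = {
    1: {"messages": [
            {"reportedTime": "2025-03-06T10:00:00Z", "subject": "Invoice overdue",
             "fromAddress": "billing@example.com", "toAddress": "user1@example.org",
             "notAnalyzedReason": "RECIPIENT_NOT_MONITORED"},
            {"reportedTime": "2025-03-06T10:05:00Z", "subject": "Password reset",
             "fromAddress": "it@example.com", "toAddress": "user2@example.org",
             "notAnalyzedReason": "RECIPIENT_NOT_MONITORED"},
        ], "nextPageNumber": 2},
    2: {"messages": [
            {"reportedTime": "2025-03-06T10:10:00Z", "subject": "Delivery notice",
             "fromAddress": "courier@example.com",
             "notAnalyzedReason": "MESSAGE_TOO_LARGE"},
        ]},                                  # no nextPageNumber: last page
}


def _fake_http_get(url: str, token: str) -> dict:
    """Offline transport that serves SAMPLE_PAGES by the pageNumber in the URL."""
    qs = urllib.parse.parse_qs(urllib.parse.urlparse(url).query)
    return SAMPLE_PAGES[int(qs["pageNumber"][0])]


def demo() -> List[dict]:
    """Collect all constructed pages and map them; returns the mapped events."""
    raw = fetch_not_analyzed("https://api.example.invalid", "TOKEN-PLACEHOLDER",
                             http_get=_fake_http_get, page_size=2)
    return [map_not_analyzed(r) for r in raw]


if __name__ == "__main__":
    for doc in demo():
        print(json.dumps(doc, indent=2))
```

Swapping `_fake_http_get` for the default transport turns this into a real collector; keeping the transport injectable is also what lets the pagination and the mapping be exercised without network access, which is how the expected pagination behaviour (stop when `nextPageNumber` is absent, never exceed `max_pages`) can be pinned down in a test before the data stream is wired up.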
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)
