@clement-fouque clement-fouque commented Aug 11, 2024

Proposed commit message

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@clement-fouque clement-fouque marked this pull request as ready for review August 12, 2024 07:40
@clement-fouque
Contributor Author

@elastic/security-service-integrations should this integration be owned by your team as it’s linked to vulnerabilities/CVE?

@andrewkroh andrewkroh added the New Integration Issue or pull request for creating a new integration package. label Aug 13, 2024
@kcreddy
Contributor

kcreddy commented Aug 20, 2024

> should this integration be owned by your team as it’s linked to vulnerabilities/CVE?

@jamiehynds @narph can you confirm if this new integration should belong to us?

@jamiehynds

> > should this integration be owned by your team as it’s linked to vulnerabilities/CVE?
>
> @jamiehynds @narph can you confirm if this new integration should belong to us?

Hey @kcreddy - we're fine to review and publish, but should list the owner type as community.

@kcreddy kcreddy added the Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] label Aug 20, 2024
@kcreddy
Contributor

kcreddy commented Aug 20, 2024

@clement-fouque the CI is failing on missing codeowners for this integration.
Can you add this integration to the .github/CODEOWNERS file and the owner as @elastic/security-service-integrations?

Please also update your manifest.yml to reflect the same change and @jamiehynds' comment above:

owner:
  github: elastic/security-service-integrations
  type: community

@clement-fouque
Contributor Author

Thank you @jamiehynds and @kcreddy. I'll implement those changes.

@clement-fouque
Contributor Author

@kcreddy please let me know if there are any pending tasks from my side. Thanks.

Contributor

@kcreddy kcreddy left a comment

Is it possible to add pipeline or system tests?

Also, if there are any conflicting review comments between me and Andrew's review, please apply changes suggested by Andrew. There might be a few in titles and descriptions.

@clement-fouque clement-fouque requested a review from a team as a code owner September 3, 2024 21:01
@clement-fouque clement-fouque changed the title First EPSS integration creation [first_epss] New integration Sep 3, 2024
@elasticmachine

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@clement-fouque
Contributor Author

I've implemented all suggestions/remarks. Please let me know if there is anything else.

Contributor

@kcreddy kcreddy left a comment

Some suggestions. Overall LGTM 👍🏼

Comment on lines +43 to +47
- date:
field: json.date
tag: date_date
formats: [yyyy-MM-dd]
target_field: first_epss.vulnerability.date
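Review bot: the date processor in these lines parses json.date with the single format yyyy-MM-dd and sets no timezone here, so first_epss.vulnerability.date is stored as midnight UTC of the score date and carries day granularity only. Consider stating that in the field's description; if this value is ever copied to @timestamp, every record from one daily snapshot will share the same instant.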
Contributor

After this date processor you can assign the value to @timestamp so that it gets its value from the event.

Reference: https://github.com/elastic/integrations/blob/main/packages/prisma_access/data_stream/event/elasticsearch/ingest_pipeline/default.yml#L4506-L4510

Contributor Author

@kcreddy I'm not sure I want to do this as this date corresponds to the time when First EPSS generated this data but not when it was ingested. We might have a gap of up to 24 hours between the generated data and the ingestion.

As timestamp is the main date to "control" search, I think it's better to keep it as it is.

@elasticmachine

💚 Build Succeeded

History

cc @clement-fouque

@clement-fouque
Contributor Author

Can I squash and merge or should I wait for someone from the Integration team?

@andrewkroh
Member

@kreddy Can you take one final look and then please handle the merge with a well-formed commit message like we aim for 😄. Thanks.

@kcreddy kcreddy merged commit f62ba53 into elastic:main Sep 6, 2024
@elasticmachine

Package first_epss - 0.1.0 containing this change is available at https://epr.elastic.co/search?package=first_epss

@andrewkroh andrewkroh added the Integration:first_epss First EPSS (Community supported) label Sep 6, 2024
harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 4, 2025
Create new integration package First EPSS.

Adds `vulnerability` datastream to collect exploit prediction score data 
from the First EPSS API.

- Adds the ingest pipeline for `vulnerability` data stream.
- Maps fields according to the ECS schema and added custom fields.
- Adds dashboard.
- Adds README.
- Adds test for pipeline for `vulnerability` data stream.
- Adds system test cases for `vulnerability` data stream.
harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 5, 2025
@andrewkroh andrewkroh added maintainer:Community Community supported integration and removed Community labels Mar 21, 2025