[beyondtrust_pra] Initial release of the BeyondTrust PRA #13403

Merged
merged 4 commits into from
Apr 15, 2025

janvi-elastic (Contributor) commented Apr 2, 2025

Proposed commit message

The initial release includes an access_session data stream and associated dashboard
and visualizations.

BeyondTrust PRA fields are mapped to their corresponding ECS fields where possible.

Test samples were derived from documentation, which were subsequently
sanitized.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

How to test this PR locally

  • Clone integrations repo.
  • Install elastic package locally.
  • Start elastic stack using elastic-package.
  • Move to integrations/packages/beyondtrust_pra directory.
  • Run the following command to run tests.

elastic-package test

--- Test results for package: beyondtrust_pra - START ---
╭─────────────────┬────────────────┬───────────┬──────────────────────────────────────────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE         │ DATA STREAM    │ TEST TYPE │ TEST NAME                                                                │ RESULT │ TIME ELAPSED │
├─────────────────┼────────────────┼───────────┼──────────────────────────────────────────────────────────────────────────┼────────┼──────────────┤
│ beyondtrust_pra │                │ asset     │ dashboard beyondtrust_pra-7227e888-45cd-4e05-8ac3-f7d18c367bec is loaded │ PASS   │       1.38µs │
│ beyondtrust_pra │                │ asset     │ search beyondtrust_pra-6738050a-2a9a-403a-b785-9ea93f0aff61 is loaded    │ PASS   │        200ns │
│ beyondtrust_pra │ access_session │ asset     │ index_template logs-beyondtrust_pra.access_session is loaded             │ PASS   │        107ns │
│ beyondtrust_pra │ access_session │ asset     │ ingest_pipeline logs-beyondtrust_pra.access_session-0.1.0 is loaded      │ PASS   │        113ns │
╰─────────────────┴────────────────┴───────────┴──────────────────────────────────────────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: beyondtrust_pra - END   ---
Done
--- Test results for package: beyondtrust_pra - START ---
╭─────────────────┬────────────────┬───────────┬───────────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE         │ DATA STREAM    │ TEST TYPE │ TEST NAME                                 │ RESULT │ TIME ELAPSED │
├─────────────────┼────────────────┼───────────┼───────────────────────────────────────────┼────────┼──────────────┤
│ beyondtrust_pra │ access_session │ pipeline  │ (ingest pipeline warnings test-event.log) │ PASS   │ 295.273878ms │
│ beyondtrust_pra │ access_session │ pipeline  │ test-event.log                            │ PASS   │ 162.596393ms │
╰─────────────────┴────────────────┴───────────┴───────────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: beyondtrust_pra - END   ---
Done
--- Test results for package: beyondtrust_pra - START ---
╭─────────────────┬────────────────┬───────────┬──────────────────────────┬────────┬──────────────╮
│ PACKAGE         │ DATA STREAM    │ TEST TYPE │ TEST NAME                │ RESULT │ TIME ELAPSED │
├─────────────────┼────────────────┼───────────┼──────────────────────────┼────────┼──────────────┤
│ beyondtrust_pra │ access_session │ static    │ Verify sample_event.json │ PASS   │ 120.963997ms │
╰─────────────────┴────────────────┴───────────┴──────────────────────────┴────────┴──────────────╯
--- Test results for package: beyondtrust_pra - END   ---
Done
--- Test results for package: beyondtrust_pra - START ---
╭─────────────────┬────────────────┬───────────┬───────────┬────────┬───────────────╮
│ PACKAGE         │ DATA STREAM    │ TEST TYPE │ TEST NAME │ RESULT │  TIME ELAPSED │
├─────────────────┼────────────────┼───────────┼───────────┼────────┼───────────────┤
│ beyondtrust_pra │ access_session │ system    │ common    │ PASS   │ 33.971497096s │
╰─────────────────┴────────────────┴───────────┴───────────┴────────┴───────────────╯
--- Test results for package: beyondtrust_pra - END   ---
Done

Related issues

@elastic-vault-github-plugin-prod

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@andrewkroh andrewkroh added New Integration Issue or pull request for creating a new integration package. dashboard Relates to a Kibana dashboard bug, enhancement, or modification. Crest Contributions from Crest developement team. labels Apr 2, 2025
@kcreddy kcreddy added the Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] label Apr 7, 2025
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@janvi-elastic janvi-elastic requested a review from a team as a code owner April 11, 2025 11:15
kcreddy (Contributor) commented Apr 14, 2025

@janvi-elastic, may I know if the PR is ready for a re-review?

janvi-elastic (Contributor Author) commented

> @janvi-elastic, may I know if the PR is ready for a re-review?

Yes, we have resolved the review comments.

@janvi-elastic janvi-elastic requested a review from kcreddy April 15, 2025 04:13
kcreddy (Contributor) left a comment
Clarification on
#13403 (comment)

@elasticmachine

💚 Build Succeeded

@kcreddy kcreddy merged commit ea39f22 into elastic:main Apr 15, 2025
7 checks passed
@elastic-vault-github-plugin-prod

Package beyondtrust_pra - 0.1.0 containing this change is available at https://epr.elastic.co/package/beyondtrust_pra/0.1.0/

@andrewkroh andrewkroh added the Integration:beyondtrust_pra BeyondTrust PRA label Apr 25, 2025

Successfully merging this pull request may close these issues.

[New Integration] BeyondTrust PRA