Skip to content

[TI MISP] Add IOC expiration support #8639

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kcreddy merged 14 commits into from
Dec 21, 2023
Merged

[TI MISP] Add IOC expiration support #8639

kcreddy merged 14 commits into from
Dec 21, 2023

Conversation

@kcreddy
Copy link
Contributor

@kcreddy kcreddy commented Dec 4, 2023
edited
Loading

Proposed commit message

Add IOC expiration support using decay_score response object. More details on the approach here.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

  • [ ]

How to test this PR locally

$ cd packages/ti_misp && elastic-package stack down && elastic-package build && elastic-package stack up --version=8.11.0 -d -v && eval "$(elastic-package stack shellinit)" && elastic-package test system --generate -v --data-streams threat_attributes

--- Test results for package: ti_misp - START ---
╭─────────┬───────────────────┬───────────┬───────────┬────────┬───────────────╮
│ PACKAGE │ DATA STREAM       │ TEST TYPE │ TEST NAME │ RESULT │  TIME ELAPSED │
├─────────┼───────────────────┼───────────┼───────────┼────────┼───────────────┤
│ ti_misp │ threat_attributes │ system    │ default   │ PASS   │ 42.238310416s │
╰─────────┴───────────────────┴───────────┴───────────┴────────┴───────────────╯
--- Test results for package: ti_misp - END   ---
Done

Related issues

Screenshots

Screenshot 2023-12-04 at 4 14 38 PM Screenshot 2023-12-04 at 4 14 47 PM

@kcreddy kcreddy self-assigned this Dec 4, 2023
@kcreddy kcreddy requested a review from andrewkroh December 4, 2023 12:31
@kcreddy kcreddy marked this pull request as ready for review December 4, 2023 12:34
@kcreddy kcreddy requested a review from a team as a code owner December 4, 2023 12:34
@elasticmachine
Copy link

elasticmachine commented Dec 4, 2023

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@elasticmachine
Copy link

elasticmachine commented Dec 4, 2023
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2023-12-06T07:12:32.299+0000

  • Duration: 17 min 17 sec

Test stats 🧪

Test Results
Failed 0
Passed 18
Skipped 0
Total 18

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@elasticmachine
Copy link

elasticmachine commented Dec 4, 2023
edited
Loading

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (2/2) 💚
Files 100.0% (2/2) 💚
Classes 100.0% (2/2) 💚
Methods 100.0% (29/29) 💚
Lines 83.12% (650/782)
Conditionals 100.0% (0/0) 💚

@kcreddy kcreddy marked this pull request as draft December 4, 2023 16:38
@elasticmachine
Copy link

elasticmachine commented Dec 4, 2023

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@kcreddy kcreddy marked this pull request as ready for review December 4, 2023 18:03
@kcreddy kcreddy added the enhancement New feature or request label Dec 4, 2023
@kcreddy kcreddy requested a review from efd6 December 21, 2023 08:38
efd6
efd6 approved these changes Dec 21, 2023
View reviewed changes
@kcreddy kcreddy merged commit 94f6474 into elastic:main Dec 21, 2023
@elasticmachine
Copy link

elasticmachine commented Dec 21, 2023

Package ti_misp - 1.28.0 containing this change is available at https://epr.elastic.co/search?package=ti_misp

v1v added a commit that referenced this pull request Dec 21, 2023
@v1v
Merge remote-tracking branch 'upstream/main' into v1v-patch-1
3e599b5 
* upstream/main: (117 commits)
  [TI MISP] Add IOC expiration support (#8639)
  Add CSPM Rules 6.2, 6.3 and 6.4 (#8778)
  [Infoblox NIOS] Update timestamp parsing logic (#8767)
  [Rapid7 InsightVM] Split vulnerability categories into array (#8768)
  [Exchange Online Message Trace] Add Additional Look-back Time & Fix Cursor Value (#8717)
  [Buildkite] Update bucket settings (#8765)
  Remove Jenkins .ci folder (#8766)
  First part of removal of Jenkins jobs (#8763)
  misp: parse URIs for URI type threats (#8760)
  [amazon_security_lake] Added support for all the OCSF Classes (#8579)
  [Buildkite] Update settings for integrations pipeline (#8758)
  [TI ThreatQ] Add IOC expiration support (#8691)
  [ti_opencti] Support OpenCTI 5.12 by removing filters parameter (#8744)
  [Cribl] Updating setup guidance for Cribl field (#8746)
  crowdstrike: add userinfo enrichment support and map fields to ECS (#8742)
  [etcd] Enable TSDB for metrics datastream (#8649)
  Bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#8749)
  auditd: relax field_split pattern and handle AVC header (#8748)
  Update cloud packages codeowner (#8672)
  [O11Y] [AWS Billing] Convert "Total Estimated Charges" visualization to new metric (#8509)
  ...
qcorporation pushed a commit that referenced this pull request Feb 3, 2025
@v1v
Merge remote-tracking branch 'upstream/main' into v1v-patch-1
7a91099 
* upstream/main: (117 commits)
  [TI MISP] Add IOC expiration support (#8639)
  Add CSPM Rules 6.2, 6.3 and 6.4 (#8778)
  [Infoblox NIOS] Update timestamp parsing logic (#8767)
  [Rapid7 InsightVM] Split vulnerability categories into array (#8768)
  [Exchange Online Message Trace] Add Additional Look-back Time & Fix Cursor Value (#8717)
  [Buildkite] Update bucket settings (#8765)
  Remove Jenkins .ci folder (#8766)
  First part of removal of Jenkins jobs (#8763)
  misp: parse URIs for URI type threats (#8760)
  [amazon_security_lake] Added support for all the OCSF Classes (#8579)
  [Buildkite] Update settings for integrations pipeline (#8758)
  [TI ThreatQ] Add IOC expiration support (#8691)
  [ti_opencti] Support OpenCTI 5.12 by removing filters parameter (#8744)
  [Cribl] Updating setup guidance for Cribl field (#8746)
  crowdstrike: add userinfo enrichment support and map fields to ECS (#8742)
  [etcd] Enable TSDB for metrics datastream (#8649)
  Bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#8749)
  auditd: relax field_split pattern and handle AVC header (#8748)
  Update cloud packages codeowner (#8672)
  [O11Y] [AWS Billing] Convert "Total Estimated Charges" visualization to new metric (#8509)
  ...
qcorporation pushed a commit that referenced this pull request Feb 4, 2025
@v1v
Merge remote-tracking branch 'upstream/main' into v1v-patch-1
2b2dec7 
* upstream/main: (117 commits)
  [TI MISP] Add IOC expiration support (#8639)
  Add CSPM Rules 6.2, 6.3 and 6.4 (#8778)
  [Infoblox NIOS] Update timestamp parsing logic (#8767)
  [Rapid7 InsightVM] Split vulnerability categories into array (#8768)
  [Exchange Online Message Trace] Add Additional Look-back Time & Fix Cursor Value (#8717)
  [Buildkite] Update bucket settings (#8765)
  Remove Jenkins .ci folder (#8766)
  First part of removal of Jenkins jobs (#8763)
  misp: parse URIs for URI type threats (#8760)
  [amazon_security_lake] Added support for all the OCSF Classes (#8579)
  [Buildkite] Update settings for integrations pipeline (#8758)
  [TI ThreatQ] Add IOC expiration support (#8691)
  [ti_opencti] Support OpenCTI 5.12 by removing filters parameter (#8744)
  [Cribl] Updating setup guidance for Cribl field (#8746)
  crowdstrike: add userinfo enrichment support and map fields to ECS (#8742)
  [etcd] Enable TSDB for metrics datastream (#8649)
  Bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#8749)
  auditd: relax field_split pattern and handle AVC header (#8748)
  Update cloud packages codeowner (#8672)
  [O11Y] [AWS Billing] Convert "Total Estimated Charges" visualization to new metric (#8509)
  ...
@kcreddy kcreddy deleted the misp_ioc branch February 7, 2025 09:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@efd6 efd6 efd6 approved these changes

@andrewkroh andrewkroh Awaiting requested review from andrewkroh

Assignees

@kcreddy kcreddy

Labels

enhancement New feature or request Integration:ti_misp MISP

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[TI_MISP] Add support for IOC expiration

3 participants

@kcreddy @elasticmachine @efd6