[Cisco Duo] New data stream for Activity logs #11394
chemamartinez merged 32 commits into elastic:main from
Conversation
elasticmachine commented Oct 10, 2024
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)
elastic-vault-github-plugin-prodbot commented Oct 10, 2024 • edited
🚀 Benchmarks report

Package cisco_duo

| Data stream | Previous EPS | New EPS | Diff (%) | Result |
|---|---|---|---|---|
| auth | 2564.1 | 1385.04 | -1179.06 (-45.98%) | 💔 |
| offline_enrollment | 25641.03 | 14925.37 | -10715.66 (-41.79%) | 💔 |
| telephony | 43478.26 | 27027.03 | -16451.23 (-37.84%) | 💔 |
| telephony_v2 | 15873.02 | 11235.96 | -4637.06 (-29.21%) | 💔 |
| trust_monitor | 9009.01 | 7299.27 | -1709.74 (-18.98%) | 💔 |

To see the full report, comment with `/test benchmark fullreport`
efd6 left a comment
Though note the concern about the `string(list)` conversion.
efd6 left a comment
Something about real-world Cisco Duo documents is causing breakage with this code (as it exists in `auth`). So blocking.
efd6 left a comment
LGTM after nit addressed.
elasticmachine commented Oct 21, 2024
💚 Build Succeeded
Package cisco_duo - 2.2.0 containing this change is available at https://epr.elastic.co/search?package=cisco_duo
Added new data stream `activity` to collect Activity logs from Cisco Duo. It also adds a feature request for the `auth` data stream, including geo enrichment for the IP into the `access_device` field.
Proposed commit message

Added new data stream `activity` to collect Activity logs from Cisco Duo. The CEL program follows the API specifications set at:

It also adds a feature request for the `auth` data stream, including geo enrichment for the IP into the `access_device` field.

Checklist

`changelog.yml` file.

How to test this PR locally

Added pipeline and system tests for the new data stream:

Related issues

Screenshots

Data stream configuration

Dashboard