[windows] Add Windows AppLocker Data Stream (MSI and Script) #7279
efd6 merged 19 commits into elastic:main from nicpenning:applocker_msi_and_script
elasticmachine commented Aug 5, 2023 • edited
…ing/integrations into applocker_msi_and_script
…ing/integrations into applocker_msi_and_script
elasticmachine commented Aug 7, 2023
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
nicpenning commented Aug 9, 2023
/test
andrewkroh commented Aug 9, 2023
/test
elasticmachine commented Aug 9, 2023 • edited
🌐 Coverage report
efd6 left a comment
Can you provide screenshots showing the dashboard changes?
Also, please make the following change to CODEOWNERS
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERSindex ddcfae883..aacc76f5a 100644--- a/.github/CODEOWNERS+++ b/.github/CODEOWNERS@@ -243,6 +243,7 @@ /packages/websphere_application_server @elastic/obs-infraobs-integrations /packages/windows @elastic/elastic-agent-data-plane @elastic/security-external-integrations /packages/windows/data_stream/applocker_exe_and_dll @elastic/security-external-integrations+/packages/windows/data_stream/applocker_msi_and_script @elastic/security-external-integrations /packages/windows/data_stream/forwarded @elastic/security-external-integrations /packages/windows/data_stream/perfmon @elastic/elastic-agent-data-plane /packages/windows/data_stream/powershell @elastic/security-external-integrations
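Review bot: the added `/packages/windows/data_stream/applocker_msi_and_script` entry lists only @elastic/security-external-integrations, and because CODEOWNERS applies the last matching pattern, it replaces rather than extends the two-team `/packages/windows` rule in the context above, so @elastic/elastic-agent-data-plane will not be requested on changes to this data stream. That matches the neighbouring `applocker_exe_and_dll` line and the position keeps the block alphabetical; confirm single-team ownership is intended before merging.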
packages/windows/data_stream/applocker_msi_and_script/agent/stream/httpjson.yml.hbs (resolved)
packages/windows/data_stream/applocker_msi_and_script/elasticsearch/ingest_pipeline/default.yml (outdated, resolved)
efd6 commented Aug 9, 2023
/test
nicpenning commented Aug 9, 2023
Do you mean update the .png in the package or add those screenshots to this PR for review?
nicpenning commented Aug 9, 2023
efd6 commented Aug 10, 2023
/test
efd6 left a comment
LGTM
elasticmachine commented Aug 10, 2023
Package windows - 1.30.0 containing this change is available at https://epr.elastic.co/search?package=windows


What does this PR do?
This PR adds the Windows AppLocker MSI and Script data stream which allows the ingestion of those events from the Windows Event Log. This also updates the dashboard with a better title and adds 4 new visualizations to explore the data.
Resolves Part of - #6979
Checklist
changelog.yml file.