Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Tenable IO] Add request tracing to vulnerability datastream and capture chain requests #8831

Merged
merged 6 commits into from
Jan 5, 2024
Merged

[Tenable IO] Add request tracing to vulnerability datastream and capture chain requests #8831

merged 6 commits into from
Jan 5, 2024

Conversation

kcreddy
Copy link
Contributor

@kcreddy kcreddy commented Jan 5, 2024
edited
Loading

Proposed commit message

  • Currently there is a way to capture the chain request/responses that is undocumented in the httpjson input. This PR adds the new chain tracer files.
  • This PR also adds request tracing into vulnerability datastream.

NOTE: This PR hardcodes the tracer filenames instead of using the default filename "../../logs/httpjson/http-request-trace-*.ndjson". This is because of the non-sanitisation of chain request tracer filenames explained in elastic/beats#37551

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

  • [ ]

How to test this PR locally

elastic-package stack down && elastic-package build && elastic-package stack up --version=8.11.3 -d -v && eval "$(elastic-package stack shellinit)" && elastic-package test system --generate -v

--- Test results for package: tenable_io - START ---
╭────────────┬───────────────┬───────────┬───────────┬────────┬───────────────╮
│ PACKAGE    │ DATA STREAM   │ TEST TYPE │ TEST NAME │ RESULT │  TIME ELAPSED │
├────────────┼───────────────┼───────────┼───────────┼────────┼───────────────┤
│ tenable_io │ asset         │ system    │ default   │ PASS   │ 23.878944084s │
│ tenable_io │ plugin        │ system    │ default   │ PASS   │   23.7050505s │
│ tenable_io │ scan          │ system    │ default   │ PASS   │ 22.386581292s │
│ tenable_io │ vulnerability │ system    │ default   │ PASS   │ 23.368298458s │
╰────────────┴───────────────┴───────────┴───────────┴────────┴───────────────╯
--- Test results for package: tenable_io - END   ---
Done

@kcreddy kcreddy changed the title [Tenable IO] Add httpjson request chain tracer files [Tenable IO] Add request tracing to vulnerability datastream and capture chain requests Jan 5, 2024
@kcreddy kcreddy self-assigned this Jan 5, 2024
@kcreddy kcreddy added enhancement New feature or request Integration:tenable_io Tenable Vulnerability Management labels Jan 5, 2024
@kcreddy kcreddy marked this pull request as ready for review January 5, 2024 11:59
@kcreddy kcreddy requested a review from a team as a code owner January 5, 2024 11:59
@elasticmachine
Copy link

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@elasticmachine
Copy link

🚀 Benchmarks report

Package tenable_io 👍(2) 💚(1) 💔(1)

Expand to view
Data stream Previous EPS New EPS Diff (%) Result
asset 1326.26 855.43 -470.83 (-35.5%) 💔

To see the full report comment with /test benchmark fullreport

bhapas
bhapas approved these changes Jan 5, 2024
View reviewed changes
Copy link
Contributor

@bhapas bhapas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Will you put up another PR after the beats issue is merged?

@kcreddy
Copy link
Contributor Author

kcreddy commented Jan 5, 2024

LGTM. Will you put up another PR after the beats issue is merged?

Yes, I will come up with a PR after.

@kcreddy kcreddy merged commit 0352c71 into elastic:main Jan 5, 2024
3 checks passed
@kcreddy kcreddy mentioned this pull request Jan 5, 2024
Closed
@elasticmachine
Copy link

Package tenable_io - 2.8.0 containing this change is available at https://epr.elastic.co/search?package=tenable_io

1 similar comment
@elasticmachine
Copy link

Package tenable_io - 2.8.0 containing this change is available at https://epr.elastic.co/search?package=tenable_io

@narph narph added the Team:Security-Service Integrations Security Service Integrations Team [elastic/security-service-integrations] label Jun 13, 2024
@elasticmachine
Copy link

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bhapas bhapas bhapas approved these changes

Assignees

@kcreddy kcreddy

Labels
enhancement New feature or request Integration:tenable_io Tenable Vulnerability Management Team:Security-Service Integrations Security Service Integrations Team [elastic/security-service-integrations]
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@kcreddy @elasticmachine @bhapas @narph