Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

second half of email.* mapping for elastic_ecs #1632

Merged
merged 1 commit into from
Jan 5, 2024
Merged

second half of email.* mapping for elastic_ecs #1632

merged 1 commit into from
Jan 5, 2024

Conversation

subbyte
Copy link
Member

@subbyte subbyte commented Jan 4, 2024
edited
Loading

Some important mapping improvements for email.*:

  1. enable email.* in stix_transmission (this is a hidden filter for this connector only)
  2. add file hash mappings to to_stix
  3. add mappings to from_stix and the beats dialect
  4. add test case on file hashes

@codecov Codecov
Copy link

codecov bot commented Jan 4, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (cd9ec60) 86.01% compared to head (35fa336) 86.01%.
Report is 1 commits behind head on develop.

Additional details and impacted files 
@@           Coverage Diff            @@
##           develop    #1632   +/-   ##
========================================
  Coverage    86.01%   86.01%           
========================================
  Files          572      572           
  Lines        48710    48733   +23     
========================================
+ Hits         41896    41919   +23     
  Misses        6814     6814

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@subbyte subbyte requested a review from mdazam1942 January 4, 2024 22:30
@mdazam1942 mdazam1942 merged commit 038129a into opencybersecurityalliance:develop Jan 5, 2024
6 checks passed
DerekRushton pushed a commit that referenced this pull request Jan 16, 2024
@subbyte @DerekRushton
second half of email.* mapping for elastic_ecs (#1632)
a7c8421
DerekRushton added a commit that referenced this pull request Jul 22, 2024
@DerekRushton @thangaraj-ramesh
@dependabot @delliott90 @mdazam1942 @subbyte @Alex-Kidston @KaneBrennan132
Tanium threat response connector 2 (#1693)
97bf644 
* CP4S-39527 Initial Translation Code - Draft

* Tanium Threat Response

* Fix Azure log analytics results translation. (#1612)

Updating azure log analytics review comments.
1. Added transformer for converting int to float for latitude.
2.Updated TimestampConversion transformer to handle without milliseconds and added mappings for first and last observed.
3. Updated transformer to handle ConfidenceScore value is 'nan'.

* Bump aioboto3 from 11.3.1 to 12.0.0 in /stix_shifter (#1611)

Bumps [aioboto3](https://github.com/terrycain/aioboto3) from 11.3.1 to 12.0.0.
- [Changelog](https://github.com/terrycain/aioboto3/blob/main/CHANGELOG.rst)
- [Commits](terricain/aioboto3@v11.3.1...v12.0.0)

---
updated-dependencies:
- dependency-name: aioboto3
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pyopenssl from 23.2.0 to 23.3.0 in /stix_shifter (#1610)

Bumps [pyopenssl](https://github.com/pyca/pyopenssl) from 23.2.0 to 23.3.0.
- [Changelog](https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst)
- [Commits](pyca/pyopenssl@23.2.0...23.3.0)

---
updated-dependencies:
- dependency-name: pyopenssl
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* table of mapping script update for to-stix dialects (#1609)

* Bump azure-identity from 1.14.1 to 1.15.0 in /stix_shifter (#1614)

Bumps [azure-identity](https://github.com/Azure/azure-sdk-for-python) from 1.14.1 to 1.15.0.
- [Release notes](https://github.com/Azure/azure-sdk-for-python/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-python/blob/main/doc/esrp_release.md)
- [Commits](Azure/azure-sdk-for-python@azure-identity_1.14.1...azure-identity_1.15.0)

---
updated-dependencies:
- dependency-name: azure-identity
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump flatten-json from 0.1.13 to 0.1.14 in /stix_shifter (#1613)

Bumps [flatten-json](https://github.com/amirziai/flatten) from 0.1.13 to 0.1.14.
- [Release notes](https://github.com/amirziai/flatten/releases)
- [Commits](https://github.com/amirziai/flatten/commits)

---
updated-dependencies:
- dependency-name: flatten-json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update CHANGELOG.md for 6.3.0

* Cisco secure email added readme detailed file. (#1615)

* Added tested communication code for Tanium

* Added suggestions from Azam.

* Fix parameter assignment in error handling function (#1616)

* Remove future timestamp qualifier conditions (#1619)

* Make sure certificate is verified when required by RestApiClientAsync (#1620)

Deprecates selfSignedCert: false bypasss

* Update CHANGELOG.md for 7.0.0

* add email-message translation to ecs (#1621)

* Update group_ref keyword documenation (#1622)

* Initial To Stix mapping - Event and Transformers

* Another temporary commit to hold x-oca-event form

* Finished up the to_stix mapping + test.

* Removed additional event data.

* Fixing the unittest failure

* Another Attempt

* Added the missing fields to the Tanium API response and request.

* Updated toStix and fromStix

* Update CHANGELOG.md for 7.0.1

* second half of email.* mapping for elastic_ecs (#1632)

* Sysdig connector (#1630)

* Update machine ID field in QRadar module (#1634)

Co-authored-by: Kane Brennan <[email protected]>

* Sysdig Connector - Formatting issue in sysdig_supported_stix.md file corrected  (#1635)

* Added the readme (WIP)

* Undid an unintended change.

* Another Attempt to undo the change.

* Removing one more unintended change.

* One more unintended change.

* Updated the sample for the unit test.

* Azam's suggestions.

* Cleaned out the testing code I had left.

* Clean-up - Fixed up the readme.

* Added Azam's suggestions

* Cleaned the Json so it's standardized.

* Removed the total size from the meta data as it's not needed.

* Cleaning up some comments+fixed observation queries.

Signed-off-by: DerekRushton <[email protected]>

* Making the config values consistent.

Signed-off-by: DerekRushton <[email protected]>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: DerekRushton <[email protected]>
Co-authored-by: thangaraj-ramesh <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Danny Elliott <[email protected]>
Co-authored-by: Md Azam <[email protected]>
Co-authored-by: Xiaokui Shu <[email protected]>
Co-authored-by: Alex-Kidston <[email protected]>
Co-authored-by: Kane Brennan <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mdazam1942 mdazam1942 mdazam1942 approved these changes

@pcoccoli pcoccoli pcoccoli approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@subbyte @pcoccoli @mdazam1942