
[Netskope] Add Alerts v2 data stream #14443


Open: wants to merge 9 commits into base: main

Conversation

moxarth-rathod

@moxarth-rathod moxarth-rathod commented Jul 8, 2025

Proposed commit message

netskope: add alerts_v2 data stream in the integration

This PR introduces a new data stream, alerts_v2, along with its corresponding dashboards and 
ingest pipeline. Netskope Log Streaming sends all events and logs directly to customer-managed
cloud object storage buckets (such as Azure Blob Storage, Amazon S3, and Google Cloud Storage),
and the alerts_v2 data stream collects this data.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices.

How to test this PR locally

  • Clone integrations repo.
  • Install elastic-package locally.
  • Start elastic stack using elastic-package.
  • Move to integrations/packages/netskope directory.
  • Run the following command to run tests.

elastic-package test -v

Related issues

Screenshots

[Screenshot: netskope-alerts-v2]

Recordings

Alert.ABS.mp4
Alert.GCS.mp4
Alert.ABS.RBAC.mp4

@moxarth-rathod moxarth-rathod self-assigned this Jul 8, 2025
@moxarth-rathod moxarth-rathod requested a review from a team as a code owner July 8, 2025 07:09
@moxarth-rathod moxarth-rathod added enhancement New feature or request Integration:netskope Netskope Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] Team:Sit-Crest Crest developers on the Security Integrations team [elastic/sit-crest-contractors] labels Jul 8, 2025
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@moxarth-rathod moxarth-rathod marked this pull request as draft July 8, 2025 08:48
@moxarth-rathod moxarth-rathod marked this pull request as ready for review July 8, 2025 09:25
@andrewkroh andrewkroh added dashboard Relates to a Kibana dashboard bug, enhancement, or modification. documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. labels Jul 8, 2025
2. In "Search for integrations" search bar, type **Netskope**.
3. Select the **Netskope** integration from the search results.
4. Select the Add **Netskope** Integration button to add the integration.
5. While adding the integration, if you want to collect logs via AWS S3, you'll need to provide the following details:

Suggested change
5. While adding the integration, if you want to collect logs via AWS S3, you'll need to provide the following details:
5. While adding the integration, if you want to collect logs via AWS S3, you will need to provide the following details:

However, I'm not a fan of the construction here. @alaudazzi Do you have suggestions for how to frame this?


How about this:

To collect logs via AWS S3 when adding the integration, you must provide the following details:


It's shorter, so works for me. @moxarth-rathod, can you make that change, please.

Contributor Author

Sure, I'll make the changes as per the suggestion.

Comment on lines 151 to 152
"src_latitude": 2.0020332E23,
"src_longitude": -4.6480886E22,
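Review bot: the src_latitude and src_longitude values on these two lines (2.0020332E23 and -4.6480886E22) are far outside the valid ranges of [-90, 90] and [-180, 180], so any geo_point field or map visualization built from them will either fail to index or render nonsense. Since the vendor data evidently cannot be trusted here, the ingest pipeline should range-check both values before populating any geo field and tag or drop out-of-range coordinates rather than pass them through, and the sample event should carry plausible coordinates so the test exercises the normal path.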

These do not seem right. I can see that this is what they are in the input, but can we have something there that is sane?

@moxarth-rathod moxarth-rathod requested a review from ShourieG July 9, 2025 06:30
Comment on lines +4 to +9
{{#if oauth2}}
auth.oauth2:
client_id: {{client_id}}
client_secret: {{client_secret}}
tenant_id: {{tenant_id}}
{{/if}}
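Review bot: the three values under auth.oauth2 are interpolated into YAML unquoted, so a client_secret or tenant_id containing a YAML-significant character (a leading `*` or `#`, or a `: ` sequence) would break the rendered agent configuration or silently change its meaning. Quote each interpolation, for example `client_secret: "{{client_secret}}"`, so arbitrary credential values are passed through literally.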

Can you check https://github.com/elastic/integrations/pull/14396/files and apply similar README changes?


@ShourieG

ShourieG commented Jul 9, 2025

Currently successful CI for this PR is blocked by: elastic/package-spec#925

@elasticmachine

elasticmachine commented Jul 14, 2025

💔 Build Failed

Failed CI Steps


cc @moxarth-rathod

Successfully merging this pull request may close these issues.

[Netskope] Add support for new data stream - Alerts V2