Skip to content

[ti_recordedfuture] Add DLM policy and update format_version to 3.0.0 #7848

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 16 commits into from
Sep 25, 2023
Merged

[ti_recordedfuture] Add DLM policy and update format_version to 3.0.0 #7848

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
c1ce609
add dlm
kcreddy Sep 15, 2023
79b1f02
check what happens if both ilm and dlm are present
kcreddy Sep 15, 2023
2427fc7
add ilm back
kcreddy Sep 15, 2023
cf5b98a
update dlm
kcreddy Sep 15, 2023
450da83
update DLM policy
kcreddy Sep 18, 2023
9d9d86b
udpate changelog
kcreddy Sep 18, 2023
395955d
update format_version
kcreddy Sep 18, 2023
e21ad80
revert anomali
kcreddy Sep 18, 2023
88113d8
update format version
kcreddy Sep 18, 2023
3bb3e48
remove ILM
kcreddy Sep 20, 2023
a1cde9a
Add ILM back
kcreddy Sep 20, 2023
4dcd364
update changelog
kcreddy Sep 20, 2023
c766dc0
Merge remote-tracking branch 'upstream/main' into recfuture_dlm
kcreddy Sep 21, 2023
98493a4
update transform sync delay
kcreddy Sep 21, 2023
0b94041
remove next change
kcreddy Sep 21, 2023
7082ca9
add comment
kcreddy Sep 21, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions packages/ti_recordedfuture/changelog.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,9 @@
# newer versions go on top
- version: "1.16.0"
changes:
- description: Add DLM policy. Add owner.type to package manifest. Update format_version to 3.0.0
type: enhancement
link: https://github.com/elastic/integrations/pull/7848
- description: Add tags.yml file so that integration's dashboards and saved searches are tagged with "Security Solution" and displayed in the Security Solution UI.
type: enhancement
link: https://github.com/elastic/integrations/pull/7789
Expand Down
1 change: 1 addition & 0 deletions packages/ti_recordedfuture/data_stream/threat/lifecycle.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
data_retention: "5d"
3 changes: 2 additions & 1 deletion packages/ti_recordedfuture/elasticsearch/transform/latest_ioc/transform.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,8 @@ frequency: 30s
sync:
time:
field: event.ingested
delay: 60s
# Updated to 120s because of refresh delay in Serverless. With default 60s, sometimes transform wouldn't process all documents.
delay: 120s
retention_policy:
time:
field: event.ingested
Expand Down
3 changes: 2 additions & 1 deletion packages/ti_recordedfuture/manifest.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ title: Recorded Future
version: "1.16.0"
description: Ingest threat intelligence indicators from Recorded Future risk lists with Elastic Agent.
type: integration
format_version: 2.11.0
format_version: 3.0.0
categories: ["security", "threat_intel"]
conditions:
kibana:
Expand All @@ -26,3 +26,4 @@ policy_templates:
description: "Load indicators from a CSV file"
owner:
github: elastic/security-external-integrations
type: elastic