[BeyondTrust EPM] Initial release of BeyondTrust EPM#20010
Open
akshraj-crest wants to merge 5 commits into
Open
[BeyondTrust EPM] Initial release of BeyondTrust EPM#20010akshraj-crest wants to merge 5 commits into
akshraj-crest wants to merge 5 commits into
Conversation
The initial release includes audit data stream, associated dashboard and visualizations. BeyondTrust EPM fields are mapped to their corresponding ECS fields where possible. Test samples were derived from live data samples, which were subsequently sanitized.
…point_arn, move deploy files (elastic#19465) Remove the preserve_duplicate_custom_fields configuration parameter from both the CEL and aws-s3 input types. The ingest pipeline now unconditionally removes custom fields that duplicate ECS-mapped values instead of gating the removal on a tag. Expose the access_point_arn option in the aws-s3 section of the audit manifest. The stream template already referenced this variable but it was never declared as a config parameter, so users could not set it. Move _dev/deploy/ from the package root into data_stream/audit/ so the test infrastructure sits alongside the data stream it exercises.
The initial release includes event data stream, associated dashboard and visualizations. BeyondTrust EPM fields are mapped to their corresponding ECS fields where possible. Test samples were derived from [product schema](https://docs.beyondtrust.com/epm-wm/reference/get_v3-events-search) The entries in fields.yml are generated through an automation tool that uses the field mapping sheet as input.
ReviewersBuildkite won't run for external contributors automatically; you need to add a comment:
NOTE: https://github.com/elastic/integrations/blob/main/.buildkite/pull-requests.json contains all those details. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Proposed commit message
Checklist
changelog.ymlfile.How to test this PR locally
To test the BeyondTrust EPM package:
Related issues
Screenshots
Note: This integration follows a phased development process where individual data streams were reviewed and merged into a feature branch through separate PRs:
All PR's have been reviewed and merged in this feature branch, which is now ready for integration into the main branch.