[sysdig] Add support for security event datastream #13626

brijesh-elastic · 2025-04-21T13:50:01Z

Proposed commit message

sysdig: add support for security event datastream.

This security events logs provides an overview of your infrastructure,
and allows you to deep-dive into specific security events, distinguish,
false positives, and configure policies to enhance performance.

Sanitized test case inputs were obtained from live Sysdig Secure instance
using the Sysdig Next Gen API.

Checklist

I have reviewed tips for building integrations and this pull request is aligned with them.
I have verified that all data streams collect metrics or logs.
I have added an entry to my package's changelog.yml file.
I have verified that Kibana version constraints are current according to guidelines.
I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

Clone integrations repo.
Install elastic package locally.
Start elastic stack using elastic-package.
Move to integrations/packages/sysdig directory.
Run the following command to run tests.

elastic-package test

Related issues

Closes [Sysdig Secure] New data stream: Runtime Threat Detection #12270

Screenshots

elasticmachine · 2025-04-21T13:50:04Z

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

elastic-vault-github-plugin-prod · 2025-04-21T14:13:11Z

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

packages/sysdig/_dev/build/docs/README.md

packages/sysdig/data_stream/event/_dev/test/pipeline/test-event.log-expected.json

packages/sysdig/data_stream/event/fields/ecs.yml

packages/sysdig/_dev/build/docs/README.md

packages/sysdig/data_stream/event/agent/stream/cel.yml.hbs

packages/sysdig/data_stream/event/elasticsearch/ingest_pipeline/default.yml

kcreddy

LGTM. Please wait for @efd6 approval.

efd6

Please address

discussion_r2092050092
discussion_r2092056371 (though note comment)
discussion_r2092058221
and the issue noted in this review
(edited to fix GH breaking the links)

packages/sysdig/data_stream/event/manifest.yml

packages/sysdig/data_stream/event/fields/fields.yml

elasticmachine · 2025-05-26T06:20:17Z

💚 Build Succeeded

Buildkite Build
Commit: 7fdfed2

History

💚 Build #26176 succeeded 78d0d4a
💚 Build #26058 succeeded 3cdee0d
💚 Build #26001 succeeded 842af87
💚 Build #24931 succeeded 6f10257

cc @brijesh-elastic

elastic-sonarqube · 2025-05-26T06:20:24Z

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
93.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

kcreddy

Still LGTM

efd6

Thanks

elastic-vault-github-plugin-prod · 2025-05-27T00:21:01Z

Package sysdig - 0.4.0 containing this change is available at https://epr.elastic.co/package/sysdig/0.4.0/

This security events logs provides an overview of your infrastructure, and allows you to deep-dive into specific security events, distinguish, false positives, and configure policies to enhance performance. Sanitized test case inputs were obtained from live Sysdig Secure instance using the Sysdig Next Gen API.

Add support for security event datastream

b91c630

brijesh-elastic self-assigned this Apr 21, 2025

brijesh-elastic requested a review from a team as a code owner April 21, 2025 13:50

Update changelog entry

6f10257

andrewkroh added the dashboard Relates to a Kibana dashboard bug, enhancement, or modification. label Apr 21, 2025

kcreddy reviewed May 13, 2025

View reviewed changes

efd6 reviewed May 13, 2025

View reviewed changes

address pr comment

842af87

brijesh-elastic requested review from efd6 and kcreddy May 15, 2025 21:02

kcreddy approved these changes May 16, 2025

View reviewed changes

efd6 requested changes May 16, 2025

View reviewed changes

packages/sysdig/data_stream/event/manifest.yml Outdated Show resolved Hide resolved

brijesh-elastic and others added 2 commits May 19, 2025 14:25

address pr comments

b6cf546

Merge branch 'main' into sysdig-0.4.0

3cdee0d

brijesh-elastic requested a review from efd6 May 19, 2025 08:57

efd6 reviewed May 19, 2025

View reviewed changes

packages/sysdig/data_stream/event/fields/fields.yml Outdated Show resolved Hide resolved

brijesh-elastic and others added 2 commits May 21, 2025 14:51

correct field type definition

d9b7dff

Merge branch 'main' into sysdig-0.4.0

78d0d4a

brijesh-elastic requested a review from efd6 May 21, 2025 09:23

rename specific fields to achieve better clarity and searchability

7fdfed2

brijesh-elastic requested a review from kcreddy May 26, 2025 06:09

kcreddy approved these changes May 26, 2025

View reviewed changes

efd6 approved these changes May 26, 2025

View reviewed changes

efd6 merged commit 24424bd into elastic:main May 27, 2025
8 checks passed

[sysdig] Add support for security event datastream #13626

[sysdig] Add support for security event datastream #13626

Uh oh!

Conversation

brijesh-elastic commented Apr 21, 2025

Proposed commit message

Checklist

How to test this PR locally

Related issues

Screenshots

Uh oh!

elasticmachine commented Apr 21, 2025

Uh oh!

elastic-vault-github-plugin-prod bot commented Apr 21, 2025

🚀 Benchmarks report

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

kcreddy left a comment

Choose a reason for hiding this comment

Uh oh!

efd6 left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

elasticmachine commented May 26, 2025

💚 Build Succeeded

History

Uh oh!

elastic-sonarqube bot commented May 26, 2025

Quality Gate passed

Uh oh!

kcreddy left a comment

Choose a reason for hiding this comment

Uh oh!

efd6 left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

elastic-vault-github-plugin-prod bot commented May 27, 2025

Uh oh!

Uh oh!

efd6 left a comment •

edited

Loading