[vectra_cloud] Initial release of the Vectra Cloud

[janvi-elastic]

Proposed commit message

The initial release includes an audit, entity events, detection events, health and lockdown data stream and associated dashboards and visualizations.

Vectra Cloud fields are mapped to their corresponding ECS fields where possible.

Test samples were derived from documentation, which were subsequently
sanitized.

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.

How to test this PR locally

• Clone integrations repo.
• Install elastic package locally.
• Start elastic stack using elastic-package.
• Move to integrations/packages/vectra_cloud directory.
• Run the following command to run tests.

elastic-package test

--- Test results for package: vectra_cloud - START ---
╭──────────────┬─────────────────┬───────────┬───────────────────────────────────────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE      │ DATA STREAM     │ TEST TYPE │ TEST NAME                                                             │ RESULT │ TIME ELAPSED │
├──────────────┼─────────────────┼───────────┼───────────────────────────────────────────────────────────────────────┼────────┼──────────────┤
│ vectra_cloud │                 │ asset     │ dashboard vectra_cloud-36228434-8783-49ab-ac0d-82cc651c0e7d is loaded │ PASS   │      1.364µs │
│ vectra_cloud │                 │ asset     │ dashboard vectra_cloud-55983c57-df67-41ea-8292-08c3c0357d05 is loaded │ PASS   │        212ns │
│ vectra_cloud │                 │ asset     │ dashboard vectra_cloud-6ddf7197-c2e5-4472-a814-05bfe2caa3eb is loaded │ PASS   │        166ns │
│ vectra_cloud │                 │ asset     │ dashboard vectra_cloud-9a7d587d-e61a-40dc-886b-25aa6da16717 is loaded │ PASS   │        275ns │
│ vectra_cloud │                 │ asset     │ dashboard vectra_cloud-ccfcc72d-78f4-4337-b542-de333bef5cf8 is loaded │ PASS   │        217ns │
│ vectra_cloud │                 │ asset     │ search vectra_cloud-3160e56b-1190-4e05-be6d-5beb3b5bf8a5 is loaded    │ PASS   │        243ns │
│ vectra_cloud │                 │ asset     │ search vectra_cloud-648e1825-c198-4bf0-ba1d-ee1c11ebd84f is loaded    │ PASS   │        198ns │
│ vectra_cloud │                 │ asset     │ search vectra_cloud-7180cae3-1a55-4e7a-a010-e7987dbdbd67 is loaded    │ PASS   │        280ns │
│ vectra_cloud │                 │ asset     │ search vectra_cloud-7ba8318c-2c41-4c43-af81-c35d599b6c74 is loaded    │ PASS   │        191ns │
│ vectra_cloud │                 │ asset     │ search vectra_cloud-fad8d0ee-bc58-43cd-a949-b0f0cf975256 is loaded    │ PASS   │        210ns │
│ vectra_cloud │ audit           │ asset     │ index_template logs-vectra_cloud.audit is loaded                      │ PASS   │        214ns │
│ vectra_cloud │ audit           │ asset     │ ingest_pipeline logs-vectra_cloud.audit-0.1.0 is loaded               │ PASS   │        238ns │
│ vectra_cloud │ detection_event │ asset     │ index_template logs-vectra_cloud.detection_event is loaded            │ PASS   │        247ns │
│ vectra_cloud │ detection_event │ asset     │ ingest_pipeline logs-vectra_cloud.detection_event-0.1.0 is loaded     │ PASS   │        173ns │
│ vectra_cloud │ entity_event    │ asset     │ index_template logs-vectra_cloud.entity_event is loaded               │ PASS   │        218ns │
│ vectra_cloud │ entity_event    │ asset     │ ingest_pipeline logs-vectra_cloud.entity_event-0.1.0 is loaded        │ PASS   │        111ns │
│ vectra_cloud │ health          │ asset     │ index_template logs-vectra_cloud.health is loaded                     │ PASS   │        496ns │
│ vectra_cloud │ health          │ asset     │ ingest_pipeline logs-vectra_cloud.health-0.1.0 is loaded              │ PASS   │        159ns │
│ vectra_cloud │ lockdown        │ asset     │ index_template logs-vectra_cloud.lockdown is loaded                   │ PASS   │        242ns │
│ vectra_cloud │ lockdown        │ asset     │ ingest_pipeline logs-vectra_cloud.lockdown-0.1.0 is loaded            │ PASS   │        113ns │
╰──────────────┴─────────────────┴───────────┴───────────────────────────────────────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: vectra_cloud - END   ---
Done
--- Test results for package: vectra_cloud - START ---
╭──────────────┬─────────────────┬───────────┬─────────────────────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE      │ DATA STREAM     │ TEST TYPE │ TEST NAME                                           │ RESULT │ TIME ELAPSED │
├──────────────┼─────────────────┼───────────┼─────────────────────────────────────────────────────┼────────┼──────────────┤
│ vectra_cloud │ audit           │ pipeline  │ (ingest pipeline warnings test-audit.log)           │ PASS   │ 313.047451ms │
│ vectra_cloud │ audit           │ pipeline  │ test-audit.log                                      │ PASS   │ 141.330693ms │
│ vectra_cloud │ detection_event │ pipeline  │ (ingest pipeline warnings test-detection-event.log) │ PASS   │ 299.225141ms │
│ vectra_cloud │ detection_event │ pipeline  │ test-detection-event.log                            │ PASS   │ 150.379479ms │
│ vectra_cloud │ entity_event    │ pipeline  │ (ingest pipeline warnings test-entity-event.log)    │ PASS   │ 283.741304ms │
│ vectra_cloud │ entity_event    │ pipeline  │ test-entity-event.log                               │ PASS   │ 120.738096ms │
│ vectra_cloud │ health          │ pipeline  │ (ingest pipeline warnings test-health.log)          │ PASS   │ 303.073442ms │
│ vectra_cloud │ health          │ pipeline  │ test-health.log                                     │ PASS   │ 235.386842ms │
│ vectra_cloud │ lockdown        │ pipeline  │ (ingest pipeline warnings test-lockdown.log)        │ PASS   │ 271.347977ms │
│ vectra_cloud │ lockdown        │ pipeline  │ test-lockdown.log                                   │ PASS   │ 103.822052ms │
╰──────────────┴─────────────────┴───────────┴─────────────────────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: vectra_cloud - END   ---
Done
--- Test results for package: vectra_cloud - START ---
╭──────────────┬─────────────────┬───────────┬──────────────────────────┬────────┬──────────────╮
│ PACKAGE      │ DATA STREAM     │ TEST TYPE │ TEST NAME                │ RESULT │ TIME ELAPSED │
├──────────────┼─────────────────┼───────────┼──────────────────────────┼────────┼──────────────┤
│ vectra_cloud │ audit           │ static    │ Verify sample_event.json │ PASS   │ 117.463687ms │
│ vectra_cloud │ detection_event │ static    │ Verify sample_event.json │ PASS   │ 114.558666ms │
│ vectra_cloud │ entity_event    │ static    │ Verify sample_event.json │ PASS   │ 130.596506ms │
│ vectra_cloud │ health          │ static    │ Verify sample_event.json │ PASS   │ 151.602007ms │
│ vectra_cloud │ lockdown        │ static    │ Verify sample_event.json │ PASS   │ 128.658336ms │
╰──────────────┴─────────────────┴───────────┴──────────────────────────┴────────┴──────────────╯
--- Test results for package: vectra_cloud - END   ---
Done
--- Test results for package: vectra_cloud - START ---
╭──────────────┬─────────────────┬───────────┬───────────┬────────┬───────────────╮
│ PACKAGE      │ DATA STREAM     │ TEST TYPE │ TEST NAME │ RESULT │  TIME ELAPSED │
├──────────────┼─────────────────┼───────────┼───────────┼────────┼───────────────┤
│ vectra_cloud │ audit           │ system    │ common    │ PASS   │ 34.904570101s │
│ vectra_cloud │ detection_event │ system    │ common    │ PASS   │  38.24373629s │
│ vectra_cloud │ entity_event    │ system    │ common    │ PASS   │ 42.137084271s │
│ vectra_cloud │ health          │ system    │ common    │ PASS   │ 37.099288261s │
│ vectra_cloud │ lockdown        │ system    │ common    │ PASS   │ 39.865316176s │
╰──────────────┴─────────────────┴───────────┴───────────┴────────┴───────────────╯
--- Test results for package: vectra_cloud - END   ---
Done

Related issues

• Closes https://github.com/elastic/enhancements/issues/23858

Screenshot

[elastic-vault-github-plugin-prod]

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

[elastic-sonarqube]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
97.8% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: 2a302e2

[jamiehynds]

@cpascale43 @janvi-elastic can we confirm that Vectra Cloud is the the correct naming/branding of the Vectra product we're integrating with? I don't think Vectra Cloud aligns with any naming on their end.

[piyush-elastic]

@cpascale43 @janvi-elastic can we confirm that Vectra Cloud is the the correct naming/branding of the Vectra product we're integrating with? I don't think Vectra Cloud aligns with any naming on their end.

@jamiehynds, @cpascale43 - The customer referred to this integration as 'Vectra Cloud' in their email. We also noticed that other vendors are using the same name, so we've used 'Vectra Cloud' as well for consistency. Also based on the information available on Vectra's official website and documentation, Vectra Cloud refers to the cloud-based offerings of Vectra AI. The term "Vectra UX" in the documentation likely refers to the user interface of Vectra AI’s cloud platform. Let me know your thoughts please.

[cpascale43]

Checking with Vectra @piyush-elastic, will keep you posted here

[elasticmachine]

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)