[New Integration] Endace #9579
Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)
Pinging @elastic/sec-linux-platform (Team:Security-Linux Platform)
@norrietaylor - @jamesagarside has built an initial integration package with Endace (based on the flow support we have in the Network Packet Capture integration). Is there someone from the Linux platform team that could assist with creating the PR and reviewing James's package?
The Linux team is incredibly resource-constrained right now. To keep this moving, I will add this task to the Deployment and Devices team backlog. We can discuss it during this week's team meeting. Once an engineer is assigned, they can work directly with @jamesagarside to review and merge the PR. I believe this should be owned by the Linux team moving forward for SDHs and maintenance due to the dependency on packetbeat and similarities to the Network Packet Capture integration. cc/ @nfritts
@jamesagarside I'll help you out with this
Update on this: we have an MVP, I'm just finalising tests https://github.com/elastic/integrations/tree/endace
PR is in, however I can't view the SonarQube test results
I'll send you the details of the sonarqube report, and review the PR |
Description
Endace is a leading provider of high-speed network packet recording, playback, and analytics solutions. Specializing in network visibility and security, Endace empowers organizations to confidently manage, secure, and optimize their networks. By capturing and analyzing vast amounts of network data in real-time, Endace enables businesses to swiftly detect and respond to security threats, troubleshoot network performance issues, and comply with regulatory requirements.
Architecture
This will differ slightly from our typical ingest integrations. Endace provides full network packet capture, but using Packetbeat's flow support on their probes allows us to ingest data from a SPAN port on the Endace probes. The goal of the integration is to allow users to pivot from a document with the flow information within Elastic to Endace, in order to deeply investigate the packet data in Endace.
@jamesagarside has started an implementation whereby an Endace integration, based on the Network Packet Capture integration's flow support, can be used as the basis for the Endace integration. The integration will then contain an option to provide the URL for the Endace UI to ensure certain fields (like source/destination IP) can be hyperlinked to Endace's UI.
In the future we can explore additional use cases and data from Endace, but this is a great starting point to add value to Endace and Elastic's mutual customers. Endace have also agreed to collaborate on dashboards, detection rules, etc.
Endace has similar integrations which can be viewed here: Palo Alto and Splunk
Integration release checklist
This checklist is intended for integrations maintainers to ensure consistency
when creating or updating a Package, Module or Dataset for an Integration.
- All changes
- New Package
- Dashboards changes
- Log dataset changes
- `sample_event.json` exists