Copy packages from snapshot to production (#4462)

elastic · May 24, 2022 · b1a742f · b1a742f
1 parent 1dc8a53
commit b1a742f
Show file tree

Hide file tree

Showing 91 changed files with 8,991 additions and 0 deletions.
diff --git a/packages/mimecast/1.0.0/changelog.yml b/packages/mimecast/1.0.0/changelog.yml
@@ -0,0 +1,80 @@
+- version: "1.0.0"
+  changes:
+    - description: Make ga with zip support for SIEM events.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/3383
+    - description: Move auth vars to the common manifest.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/3383
+- version: "0.0.12"
+  changes:
+    - description: Add more use cases for parsing audit events.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/3231
+- version: "0.0.11"
+  changes:
+    - description: Update integration description for consistency with other integrations.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/3193
+    - description: Add missing ECS event.* field mappings.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/3193
+- version: "0.0.10"
+  changes:
+    - description: Add more use cases to audit_events pipeline
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/3116
+    - description: Implement geo.ip for siem logs
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/3116
+    - description: Remove user part for ttp-url logs and add email.to.address for recipient
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/3116
+- version: "0.0.9"
+  changes:
+    - description: Update ecs to version 8.2.0 and implement better practice for email ECS fields.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/2841
+- version: "0.0.8"
+  changes:
+    - description: Add documentation for multi-fields
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/2916
+- version: "0.0.7"
+  changes:
+    - description: Add content-disposition to test mock to properly create sample event from SIEM logs.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/2739
+- version: "0.0.6"
+  changes:
+    - description: Add use cases for audit events and update sample events and docs
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/2690
+- version: "0.0.5"
+  changes:
+    - description: Fix typo
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/2644
+    - description: Add 8.0.0 compatibility, fix team name in manifest, and remove redundant `event.ingested` from pipelines.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/2683
+- version: "0.0.4"
+  changes:
+    - description: Regenerate test files using the new GeoIP database
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/2339
+- version: "0.0.3"
+  changes:
+    - description: Change test public IPs to the supported subset
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/2327
+- version: "0.0.2"
+  changes:
+    - description: Tweaking the dashboards
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/2289
+- version: "0.0.1"
+  changes:
+    - description: Initial draft of the package
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/2157
diff --git a/packages/mimecast/1.0.0/data_stream/audit_events/agent/stream/httpjson.yml.hbs b/packages/mimecast/1.0.0/data_stream/audit_events/agent/stream/httpjson.yml.hbs
@@ -0,0 +1,51 @@
+config_version: "2"
+interval: {{interval}}
+request.url: {{api_url}}/api/audit/get-audit-events
+request.method: "POST"
+request.transforms:
+- set:
+    target: body.meta.pagination.pageSize
+    value: 500
+- set:
+    target: body.data
+    value: '[{"endDateTime": "[[formatDate (now) "2006-01-02T15:04:05+0700"]]", "startDateTime":"[[.cursor.next_date]]"}]'
+    default: '[{"endDateTime": "[[formatDate (now) "2006-01-02T15:04:05+0700"]]", "startDateTime":"[[formatDate (now (parseDuration "-{{interval}}")) "2006-01-02T15:04:05+0700"]]"}]'
+    value_type: json
+- set:
+    target: header.x-mc-app-id
+    value: {{app_id}}
+- set:
+    target: header.x-mc-date
+    value: '[[formatDate (now) "RFC1123"]]'
+- set:
+    target: header.x-mc-req-id
+    value: '[[uuid]]'
+- set:
+    target: header.Authorization
+    value: 'MC {{access_key}}:[[hmacBase64 "sha1" (base64Decode "{{secret_key}}") (sprintf "%s:%s:/api/audit/get-audit-events:{{app_key}}" (.header.Get "x-mc-date") (.header.Get "x-mc-req-id"))]]'
+    fail_on_template_error: true
+response.decode_as: application/json
+response.split:
+  target: body.data
+response.pagination:
+- set:
+    target: body.meta.pagination.pageToken
+    value: '[[.last_response.body.meta.pagination.next]]'
+    fail_on_template_error: true
+cursor:
+  next_date:
+    value: '[[.first_event.eventTime]]'
+tags:
+{{#if preserve_original_event}}
+- preserve_original_event
+{{/if}}
+{{#each tags as |tag i|}}
+- {{tag}}
+{{/each}}
+{{#contains "forwarded" tags}}
+publisher_pipeline.disable_host: true
+{{/contains}}
+{{#if processors}}
+processors:
+{{processors}}
+{{/if}}