Filebeat Module - Microsoft Graph API Security (II) #36995
C4pt41nNRex opened this issue Oct 31, 2023 · 3 comments
Labels
enhancement Team:Security-Service Integrations Security Service Integrations Team

Comments

C4pt41nNRex commented Oct 31, 2023

Metricbeat Module / Dataset release checklist

This checklist is intended for devs who create or update a module, to make sure modules are consistent.

Modules

For a metricset to go GA, the following criteria should be met:

  • Supported versions are documented
  • Supported operating systems are documented (if applicable)
  • Integration tests exist
  • System tests exist
  • Automated checks that all fields are documented
  • Documentation
  • Fields follow ECS and naming conventions
  • Dashboards exist (if applicable)
  • Kibana Home Tutorial (if applicable)
    • Open PR against Kibana repo with tutorial. Examples can be found here.

Filebeat module

  • Test log files exist for the grok patterns
  • Generated output for at least 1 log file exists

Metricbeat module

  • Example data.json exists and an automated way to generate it exists (go test -data)
  • Test environment in Docker exists for integration tests

Hi Elastic team,

I'm interested in a Microsoft Graph API Security module to fetch logs from there into Filebeat. In short, this reopens issue #26878 (Filebeat Module - Microsoft Graph API Security).

A lot of Microsoft insights are being fetched through Filebeat modules, though one important one is missing in my opinion:
Microsoft Graph API Security https://docs.microsoft.com/en-us/graph/api/resources/security-api-overview?view=graph-rest-1.0

Especially the alerts. There is already the Microsoft module, which includes M365 Defender, but the Graph API Security endpoint offers these alerts along with multiple others.

Thank you in advance.

Kind regards,

Rex

botelastic bot added the needs_team label (indicates that the issue/PR needs a Team:* label) on Oct 31, 2023

C4pt41nNRex (Author)

C4pt41nNRex commented Oct 31, 2023

The team to be assigned should be Security-External Integrations.

@elastic/security-external-integrations

botelastic bot removed the needs_team label (indicates that the issue/PR needs a Team:* label) on Nov 23, 2023

@jamiehynds

Hi @C4pt41nNRex - we have an Elastic Agent integration for Microsoft 365 Defender, which uses the Graph Security API to ingest incidents/alerts from M365 Defender. Could that be a suitable fit for you, or are there other Microsoft products you need to pull data in from, via the Graph Security API?

narph added the Team:Security-Service Integrations label (Security Service Integrations Team) and removed the Team:Security-External Integrations label on Feb 8, 2024

@elasticmachine (Collaborator)

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)
