diff --git a/packages/github/_dev/build/docs/README.md b/packages/github/_dev/build/docs/README.md index 0f0060a4ece3..d8557d194a65 100644 --- a/packages/github/_dev/build/docs/README.md +++ b/packages/github/_dev/build/docs/README.md @@ -10,7 +10,7 @@ The GitHub audit log records all events related to the GitHub organization. See To use this integration, the following prerequisites must be met: - You must be an organization owner. - - You must be using Github Enterprise Cloud. + - You must be using GitHub Enterprise Cloud. - You must use a Personal Access Token with `read:audit_log` scope. *This integration is not compatible with GitHub Enterprise server.* @@ -22,7 +22,7 @@ To use this integration, the following prerequisites must be met: ### Code Scanning -The Code Scanning lets you retrieve all security vulnerabilities and coding errors from a repository setup using Github Advanced Security Code Scanning feature. See [About code scanning](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning) for more details. +The Code Scanning lets you retrieve all security vulnerabilities and coding errors from a repository setup using GitHub Advanced Security Code Scanning feature. See [About code scanning](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning) for more details. To use this integration, GitHub Apps must have the `security_events` read permission. Or use a personal access token with the `security_events` scope for private repos or `public_repo` scope for public repos. See [List code scanning alerts](https://docs.github.com/en/enterprise-cloud@latest/rest/code-scanning#list-code-scanning-alerts-for-a-repository) 
@@ -34,7 +34,7 @@ Or use a personal access token with the `security_events` scope for private repo ### Secret Scanning -The Github Secret Scanning lets you retrieve secret scanning for advanced security alerts from a repository setup using Github Advanced Security Secret Scanning feature. See [About Secret scanning](https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/about-secret-scanning) for more details. +The GitHub Secret Scanning lets you retrieve secret scanning for advanced security alerts from a repository setup using GitHub Advanced Security Secret Scanning feature. See [About Secret scanning](https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/about-secret-scanning) for more details. To use this integration, GitHub Apps must have the `secret_scanning_alerts` read permission. Or you must be an administrator for the repository or for the organization that owns the repository, and you must use a personal access token with the `repo` scope or `security_events` scope. For public repositories, you may instead use the `public_repo` scope. See [List secret scanning alerts](https://docs.github.com/en/enterprise-cloud@latest/rest/secret-scanning#list-secret-scanning-alerts-for-a-repository) 
@@ -45,7 +45,7 @@ Or you must be an administrator for the repository or for the organization that ### Dependabot -The Github Dependabot lets you retrieve known vulnerabilites in dependencies from a repository setup using Github Advanced Security Dependabot feature. See [About Dependabot](https://docs.github.com/en/code-security/dependabot/dependabot-alerts) for more details. +The GitHub Dependabot lets you retrieve known vulnerabilites in dependencies from a repository setup using GitHub Advanced Security Dependabot feature. See [About Dependabot](https://docs.github.com/en/code-security/dependabot/dependabot-alerts) for more details. To use this integration, you must be an administrator for the repository or for the organization that owns the repository, and you must use a personal access token with the `repo` scope or `security_events` scope. For public repositories, you may instead use the `public_repo` scope. See [Authenticating with GraphQL](https://docs.github.com/en/graphql/guides/forming-calls-with-graphql#authenticating-with-graphql) and [Token Issue](https://github.com/dependabot/feedback/issues/169) 
@@ -55,11 +55,11 @@ To use this integration, you must be an administrator for the repository or for ### Issues -The Github Issues datastream lets you retrieve github issues, including pull requests, issue assignees, comments, labels, and milestones. See [About Issues](https://docs.github.com/en/rest/issues/issues?apiVersion=latest) for more details. You can retrieve issues for specific repository or for entire organization. Since Github API considers pull requests as issues, users can use `github.issues.is_pr` field to filter for only pull requests. +The GitHub Issues datastream lets you retrieve github issues, including pull requests, issue assignees, comments, labels, and milestones. See [About Issues](https://docs.github.com/en/rest/issues/issues?apiVersion=latest) for more details. You can retrieve issues for specific repository or for entire organization. Since GitHub API considers pull requests as issues, users can use `github.issues.is_pr` field to filter for only pull requests. All issues including `closed` are retrieved by default. If users want to retrieve only `open` requests, you need to change `State` parameter to `open`. -To use this integration, users must use Github Apps or Personal Access Token with `read` permission to repositories or organization. Please refer to [Github Apps Permissions Required](https://docs.github.com/en/rest/overview/permissions-required-for-github-apps?apiVersion=latest) and [Personal Access Token Permissions Required](https://docs.github.com/en/rest/overview/permissions-required-for-fine-grained-personal-access-tokens?apiVersion=latest) for more details. +To use this integration, users must use GitHub Apps or Personal Access Token with `read` permission to repositories or organization. 
Please refer to [GitHub Apps Permissions Required](https://docs.github.com/en/rest/overview/permissions-required-for-github-apps?apiVersion=latest) and [Personal Access Token Permissions Required](https://docs.github.com/en/rest/overview/permissions-required-for-fine-grained-personal-access-tokens?apiVersion=latest) for more details. {{fields "issues"}} diff --git a/packages/github/changelog.yml b/packages/github/changelog.yml index d0c61e85ae29..a6d2da35414d 100644 --- a/packages/github/changelog.yml +++ b/packages/github/changelog.yml 
@@ -1,4 +1,30 @@
 # newer versions go on top
+- version: "2.0.0"
+ changes:
+ - description: Update fields inside fingerprint processor in code_scanning, secret_scanning, and dependabot to ingest all event updates.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/11518
+ - description: Reformat fields to add package-fields.yml across all datastreams.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/11518
+ - description: Remove github.state, github.severity due to inconsistency across datastreams. Update dashboards to use corresponding datastream-level fields instead.
+ type: breaking-change
+ link: https://github.com/elastic/integrations/pull/11518
+ - description: Remove event.action field from code_scanning, secret_scanning, dependabot, and issues as it is redundant. Update dashboards to use data_stream.dataset instead.
+ type: breaking-change
+ link: https://github.com/elastic/integrations/pull/11518
+ - description: Add latest transforms for github issues, dependabot, code_scanning, and secret_scanning alerts.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/11518
+ - description: Add navigation to all dashboards.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/11518
+ - description: Upgrade legacy visualization to latest for code_scanning and secret_scanning.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/11518
+ - description: Change dashboards to point to destination index for issues, dependabot, code_scanning, and secret_scanning alerts.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/11518
 - version: "1.29.3"
 changes:
 - description: Use triple-brace Mustache templating when referencing variables in ingest pipelines.
diff --git a/packages/github/data_stream/code_scanning/_dev/test/pipeline/test-ghas-code-scanning-json.log-expected.json b/packages/github/data_stream/code_scanning/_dev/test/pipeline/test-ghas-code-scanning-json.log-expected.json
index 2ced2660fca4..2605b5a4292a 100644
--- a/packages/github/data_stream/code_scanning/_dev/test/pipeline/test-ghas-code-scanning-json.log-expected.json
+++ b/packages/github/data_stream/code_scanning/_dev/test/pipeline/test-ghas-code-scanning-json.log-expected.json
@@ -6,10 +6,11 @@ "version": "8.11.0" }, "event": { - "action": "code_scanning", "created": "2020-02-13T12:29:18.000Z", - "kind": "alert", - "original": "{\"number\":4,\"created_at\":\"2020-02-13T12:29:18Z\",\"url\":\"https://api.github.com/repos/octocat/hello-world/code-scanning/alerts/4\",\"html_url\":\"https://github.com/octocat/hello-world/code-scanning/4\",\"state\":\"open\",\"dismissed_by\":null,\"dismissed_at\":null,\"dismissed_reason\":null,\"dismissed_comment\":null,\"rule\":{\"id\":\"js/zipslip\",\"severity\":\"error\",\"tags\":[\"security\",\"external/cwe/cwe-022\"],\"description\":\"Arbitrary file write during zip extraction\",\"name\":\"js/zipslip\"},\"tool\":{\"name\":\"CodeQL\",\"guid\":null,\"version\":\"2.4.0\"},\"most_recent_instance\":{\"ref\":\"refs/heads/main\",\"analysis_key\":\".github/workflows/codeql-analysis.yml:CodeQL-Build\",\"environment\":\"{}\",\"state\":\"open\",\"commit_sha\":\"39406e42cb832f683daa691dd652a8dc36ee8930\",\"message\":{\"text\":\"This path depends on a user-provided 
value.\"},\"location\":{\"path\":\"spec-main/api-session-spec.ts\",\"start_line\":917,\"end_line\":917,\"start_column\":7,\"end_column\":18},\"classifications\":[\"test\"]},\"instances_url\":\"https://api.github.com/repos/octocat/hello-world/code-scanning/alerts/4/instances\",\"repository\":{\"id\":1296269,\"node_id\":\"MDEwOlJlcG9zaXRvcnkxMjk2MjY5\",\"name\":\"Hello-World\",\"full_name\":\"octocat/Hello-World\",\"owner\":{\"login\":\"octocat\",\"id\":1,\"node_id\":\"MDQ6VXNlcjE=\",\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/octocat\",\"html_url\":\"https://github.com/octocat\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"type\":\"User\",\"site_admin\":false},\"private\":false,\"html_url\":\"https://github.com/octocat/Hello-World\",\"description\":\"This your first 
repo!\",\"fork\":false,\"url\":\"https://api.github.com/repos/octocat/Hello-World\",\"archive_url\":\"https://api.github.com/repos/octocat/Hello-World/{archive_format}{/ref}\",\"assignees_url\":\"https://api.github.com/repos/octocat/Hello-World/assignees{/user}\",\"blobs_url\":\"https://api.github.com/repos/octocat/Hello-World/git/blobs{/sha}\",\"branches_url\":\"https://api.github.com/repos/octocat/Hello-World/branches{/branch}\",\"collaborators_url\":\"https://api.github.com/repos/octocat/Hello-World/collaborators{/collaborator}\",\"comments_url\":\"https://api.github.com/repos/octocat/Hello-World/comments{/number}\",\"commits_url\":\"https://api.github.com/repos/octocat/Hello-World/commits{/sha}\",\"compare_url\":\"https://api.github.com/repos/octocat/Hello-World/compare/{base}...{head}\",\"contents_url\":\"https://api.github.com/repos/octocat/Hello-World/contents/{+path}\",\"contributors_url\":\"https://api.github.com/repos/octocat/Hello-World/contributors\",\"deployments_url\":\"https://api.github.com/repos/octocat/Hello-World/deployments\",\"downloads_url\":\"https://api.github.com/repos/octocat/Hello-World/downloads\",\"events_url\":\"https://api.github.com/repos/octocat/Hello-World/events\",\"forks_url\":\"https://api.github.com/repos/octocat/Hello-World/forks\",\"git_commits_url\":\"https://api.github.com/repos/octocat/Hello-World/git/commits{/sha}\",\"git_refs_url\":\"https://api.github.com/repos/octocat/Hello-World/git/refs{/sha}\",\"git_tags_url\":\"https://api.github.com/repos/octocat/Hello-World/git/tags{/sha}\",\"issue_comment_url\":\"https://api.github.com/repos/octocat/Hello-World/issues/comments{/number}\",\"issue_events_url\":\"https://api.github.com/repos/octocat/Hello-World/issues/events{/number}\",\"issues_url\":\"https://api.github.com/repos/octocat/Hello-World/issues{/number}\",\"keys_url\":\"https://api.github.com/repos/octocat/Hello-World/keys{/key_id}\",\"labels_url\":\"https://api.github.com/repos/octocat/Hello-World/labels{/name}\",\"lan
guages_url\":\"https://api.github.com/repos/octocat/Hello-World/languages\",\"merges_url\":\"https://api.github.com/repos/octocat/Hello-World/merges\",\"milestones_url\":\"https://api.github.com/repos/octocat/Hello-World/milestones{/number}\",\"notifications_url\":\"https://api.github.com/repos/octocat/Hello-World/notifications{?since,all,participating}\",\"pulls_url\":\"https://api.github.com/repos/octocat/Hello-World/pulls{/number}\",\"releases_url\":\"https://api.github.com/repos/octocat/Hello-World/releases{/id}\",\"stargazers_url\":\"https://api.github.com/repos/octocat/Hello-World/stargazers\",\"statuses_url\":\"https://api.github.com/repos/octocat/Hello-World/statuses/{sha}\",\"subscribers_url\":\"https://api.github.com/repos/octocat/Hello-World/subscribers\",\"subscription_url\":\"https://api.github.com/repos/octocat/Hello-World/subscription\",\"tags_url\":\"https://api.github.com/repos/octocat/Hello-World/tags\",\"teams_url\":\"https://api.github.com/repos/octocat/Hello-World/teams\",\"trees_url\":\"https://api.github.com/repos/octocat/Hello-World/git/trees{/sha}\",\"hooks_url\":\"https://api.github.com/repos/octocat/Hello-World/hooks\"}}" + "original": "{\"number\":4,\"created_at\":\"2020-02-13T12:29:18Z\",\"url\":\"https://api.github.com/repos/octocat/hello-world/code-scanning/alerts/4\",\"html_url\":\"https://github.com/octocat/hello-world/code-scanning/4\",\"state\":\"open\",\"dismissed_by\":null,\"dismissed_at\":null,\"dismissed_reason\":null,\"dismissed_comment\":null,\"rule\":{\"id\":\"js/zipslip\",\"severity\":\"error\",\"tags\":[\"security\",\"external/cwe/cwe-022\"],\"description\":\"Arbitrary file write during zip 
extraction\",\"name\":\"js/zipslip\"},\"tool\":{\"name\":\"CodeQL\",\"guid\":null,\"version\":\"2.4.0\"},\"most_recent_instance\":{\"ref\":\"refs/heads/main\",\"analysis_key\":\".github/workflows/codeql-analysis.yml:CodeQL-Build\",\"environment\":\"{}\",\"state\":\"open\",\"commit_sha\":\"39406e42cb832f683daa691dd652a8dc36ee8930\",\"message\":{\"text\":\"This path depends on a user-provided value.\"},\"location\":{\"path\":\"spec-main/api-session-spec.ts\",\"start_line\":917,\"end_line\":917,\"start_column\":7,\"end_column\":18},\"classifications\":[\"test\"]},\"instances_url\":\"https://api.github.com/repos/octocat/hello-world/code-scanning/alerts/4/instances\",\"repository\":{\"id\":1296269,\"node_id\":\"MDEwOlJlcG9zaXRvcnkxMjk2MjY5\",\"name\":\"Hello-World\",\"full_name\":\"octocat/Hello-World\",\"owner\":{\"login\":\"octocat\",\"id\":1,\"node_id\":\"MDQ6VXNlcjE=\",\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/octocat\",\"html_url\":\"https://github.com/octocat\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"type\":\"User\",\"site_admin\":false},\"private\":false,\"html_url\":\"https://github.com/octocat/Hello-World\",\"description\":\"This your first 
repo!\",\"fork\":false,\"url\":\"https://api.github.com/repos/octocat/Hello-World\",\"archive_url\":\"https://api.github.com/repos/octocat/Hello-World/{archive_format}{/ref}\",\"assignees_url\":\"https://api.github.com/repos/octocat/Hello-World/assignees{/user}\",\"blobs_url\":\"https://api.github.com/repos/octocat/Hello-World/git/blobs{/sha}\",\"branches_url\":\"https://api.github.com/repos/octocat/Hello-World/branches{/branch}\",\"collaborators_url\":\"https://api.github.com/repos/octocat/Hello-World/collaborators{/collaborator}\",\"comments_url\":\"https://api.github.com/repos/octocat/Hello-World/comments{/number}\",\"commits_url\":\"https://api.github.com/repos/octocat/Hello-World/commits{/sha}\",\"compare_url\":\"https://api.github.com/repos/octocat/Hello-World/compare/{base}...{head}\",\"contents_url\":\"https://api.github.com/repos/octocat/Hello-World/contents/{+path}\",\"contributors_url\":\"https://api.github.com/repos/octocat/Hello-World/contributors\",\"deployments_url\":\"https://api.github.com/repos/octocat/Hello-World/deployments\",\"downloads_url\":\"https://api.github.com/repos/octocat/Hello-World/downloads\",\"events_url\":\"https://api.github.com/repos/octocat/Hello-World/events\",\"forks_url\":\"https://api.github.com/repos/octocat/Hello-World/forks\",\"git_commits_url\":\"https://api.github.com/repos/octocat/Hello-World/git/commits{/sha}\",\"git_refs_url\":\"https://api.github.com/repos/octocat/Hello-World/git/refs{/sha}\",\"git_tags_url\":\"https://api.github.com/repos/octocat/Hello-World/git/tags{/sha}\",\"issue_comment_url\":\"https://api.github.com/repos/octocat/Hello-World/issues/comments{/number}\",\"issue_events_url\":\"https://api.github.com/repos/octocat/Hello-World/issues/events{/number}\",\"issues_url\":\"https://api.github.com/repos/octocat/Hello-World/issues{/number}\",\"keys_url\":\"https://api.github.com/repos/octocat/Hello-World/keys{/key_id}\",\"labels_url\":\"https://api.github.com/repos/octocat/Hello-World/labels{/name}\",\"lan
guages_url\":\"https://api.github.com/repos/octocat/Hello-World/languages\",\"merges_url\":\"https://api.github.com/repos/octocat/Hello-World/merges\",\"milestones_url\":\"https://api.github.com/repos/octocat/Hello-World/milestones{/number}\",\"notifications_url\":\"https://api.github.com/repos/octocat/Hello-World/notifications{?since,all,participating}\",\"pulls_url\":\"https://api.github.com/repos/octocat/Hello-World/pulls{/number}\",\"releases_url\":\"https://api.github.com/repos/octocat/Hello-World/releases{/id}\",\"stargazers_url\":\"https://api.github.com/repos/octocat/Hello-World/stargazers\",\"statuses_url\":\"https://api.github.com/repos/octocat/Hello-World/statuses/{sha}\",\"subscribers_url\":\"https://api.github.com/repos/octocat/Hello-World/subscribers\",\"subscription_url\":\"https://api.github.com/repos/octocat/Hello-World/subscription\",\"tags_url\":\"https://api.github.com/repos/octocat/Hello-World/tags\",\"teams_url\":\"https://api.github.com/repos/octocat/Hello-World/teams\",\"trees_url\":\"https://api.github.com/repos/octocat/Hello-World/git/trees{/sha}\",\"hooks_url\":\"https://api.github.com/repos/octocat/Hello-World/hooks\"}}", + "type": [ + "creation" + ] }, "github": { "code_scanning": { @@ -61,9 +62,7 @@ }, "private": false, "url": "https://api.github.com/repos/octocat/Hello-World" - }, - "severity": "undefined", - "state": "open" + } }, "message": "This path depends on a user-provided value.", "rule": { 
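Review bot: The expected `event` object in the `@@ -6,10 +6,11 @@` hunk loses `"kind": "alert"` along with `"action"`, and nothing on the new side puts it back; the hunks at `@@ -83,15 +82,16 @@` and `@@ -171,10 +169,11 @@` drop it the same way. The 2.0.0 changelog entry lists `event.action`, `github.state` and `github.severity` as breaking removals but says nothing about `event.kind`. If the value is now supplied elsewhere (for example a constant field mapping, which is not visible in this diff) that is fine, but otherwise saved queries and detection rules that filter on `event.kind: alert` would silently stop matching code-scanning documents after the upgrade. I would either keep the field in the pipeline output or add a changelog item such as `- description: Remove event.kind from code_scanning events.` with `type: breaking-change`.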
@@ -83,15 +82,16 @@ "version": "8.11.0" }, "event": { - "action": "code_scanning", "created": "2020-02-13T12:29:18.000Z", - "kind": "alert", - "original": "{\"number\":3,\"created_at\":\"2020-02-13T12:29:18Z\",\"url\":\"https://api.github.com/repos/octocat/hello-world/code-scanning/alerts/3\",\"html_url\":\"https://github.com/octocat/hello-world/code-scanning/3\",\"state\":\"dismissed\",\"dismissed_by\":{\"login\":\"octocat\",\"id\":1,\"node_id\":\"MDQ6VXNlcjE=\",\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/octocat\",\"html_url\":\"https://github.com/octocat\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"type\":\"User\",\"site_admin\":false},\"dismissed_at\":\"2020-02-14T12:29:18Z\",\"dismissed_reason\":\"false positive\",\"dismissed_comment\":\"This alert is not actually correct, because there's a sanitizer included in the library.\",\"rule\":{\"id\":\"js/zipslip\",\"severity\":\"error\",\"tags\":[\"security\",\"external/cwe/cwe-022\"],\"description\":\"Arbitrary file write during zip 
extraction\",\"name\":\"js/zipslip\"},\"tool\":{\"name\":\"CodeQL\",\"guid\":null,\"version\":\"2.4.0\"},\"most_recent_instance\":{\"ref\":\"refs/heads/main\",\"analysis_key\":\".github/workflows/codeql-analysis.yml:CodeQL-Build\",\"environment\":\"{}\",\"state\":\"open\",\"commit_sha\":\"39406e42cb832f683daa691dd652a8dc36ee8930\",\"message\":{\"text\":\"This path depends on a user-provided value.\"},\"location\":{\"path\":\"lib/ab12-gen.js\",\"start_line\":917,\"end_line\":917,\"start_column\":7,\"end_column\":18},\"classifications\":[]},\"instances_url\":\"https://api.github.com/repos/octocat/hello-world/code-scanning/alerts/3/instances\",\"repository\":{\"id\":1296269,\"node_id\":\"MDEwOlJlcG9zaXRvcnkxMjk2MjY5\",\"name\":\"Hello-World\",\"full_name\":\"octocat/Hello-World\",\"owner\":{\"login\":\"octocat\",\"id\":1,\"node_id\":\"MDQ6VXNlcjE=\",\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/octocat\",\"html_url\":\"https://github.com/octocat\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"type\":\"User\",\"site_admin\":false},\"private\":false,\"html_url\":\"https://github.com/octocat/Hello-World\",\"description\":\"This your first 
repo!\",\"fork\":false,\"url\":\"https://api.github.com/repos/octocat/Hello-World\",\"archive_url\":\"https://api.github.com/repos/octocat/Hello-World/{archive_format}{/ref}\",\"assignees_url\":\"https://api.github.com/repos/octocat/Hello-World/assignees{/user}\",\"blobs_url\":\"https://api.github.com/repos/octocat/Hello-World/git/blobs{/sha}\",\"branches_url\":\"https://api.github.com/repos/octocat/Hello-World/branches{/branch}\",\"collaborators_url\":\"https://api.github.com/repos/octocat/Hello-World/collaborators{/collaborator}\",\"comments_url\":\"https://api.github.com/repos/octocat/Hello-World/comments{/number}\",\"commits_url\":\"https://api.github.com/repos/octocat/Hello-World/commits{/sha}\",\"compare_url\":\"https://api.github.com/repos/octocat/Hello-World/compare/{base}...{head}\",\"contents_url\":\"https://api.github.com/repos/octocat/Hello-World/contents/{+path}\",\"contributors_url\":\"https://api.github.com/repos/octocat/Hello-World/contributors\",\"deployments_url\":\"https://api.github.com/repos/octocat/Hello-World/deployments\",\"downloads_url\":\"https://api.github.com/repos/octocat/Hello-World/downloads\",\"events_url\":\"https://api.github.com/repos/octocat/Hello-World/events\",\"forks_url\":\"https://api.github.com/repos/octocat/Hello-World/forks\",\"git_commits_url\":\"https://api.github.com/repos/octocat/Hello-World/git/commits{/sha}\",\"git_refs_url\":\"https://api.github.com/repos/octocat/Hello-World/git/refs{/sha}\",\"git_tags_url\":\"https://api.github.com/repos/octocat/Hello-World/git/tags{/sha}\",\"issue_comment_url\":\"https://api.github.com/repos/octocat/Hello-World/issues/comments{/number}\",\"issue_events_url\":\"https://api.github.com/repos/octocat/Hello-World/issues/events{/number}\",\"issues_url\":\"https://api.github.com/repos/octocat/Hello-World/issues{/number}\",\"keys_url\":\"https://api.github.com/repos/octocat/Hello-World/keys{/key_id}\",\"labels_url\":\"https://api.github.com/repos/octocat/Hello-World/labels{/name}\",\"lan
guages_url\":\"https://api.github.com/repos/octocat/Hello-World/languages\",\"merges_url\":\"https://api.github.com/repos/octocat/Hello-World/merges\",\"milestones_url\":\"https://api.github.com/repos/octocat/Hello-World/milestones{/number}\",\"notifications_url\":\"https://api.github.com/repos/octocat/Hello-World/notifications{?since,all,participating}\",\"pulls_url\":\"https://api.github.com/repos/octocat/Hello-World/pulls{/number}\",\"releases_url\":\"https://api.github.com/repos/octocat/Hello-World/releases{/id}\",\"stargazers_url\":\"https://api.github.com/repos/octocat/Hello-World/stargazers\",\"statuses_url\":\"https://api.github.com/repos/octocat/Hello-World/statuses/{sha}\",\"subscribers_url\":\"https://api.github.com/repos/octocat/Hello-World/subscribers\",\"subscription_url\":\"https://api.github.com/repos/octocat/Hello-World/subscription\",\"tags_url\":\"https://api.github.com/repos/octocat/Hello-World/tags\",\"teams_url\":\"https://api.github.com/repos/octocat/Hello-World/teams\",\"trees_url\":\"https://api.github.com/repos/octocat/Hello-World/git/trees{/sha}\",\"hooks_url\":\"https://api.github.com/repos/octocat/Hello-World/hooks\"} }" + "original": 
"{\"number\":3,\"created_at\":\"2020-02-13T12:29:18Z\",\"url\":\"https://api.github.com/repos/octocat/hello-world/code-scanning/alerts/3\",\"html_url\":\"https://github.com/octocat/hello-world/code-scanning/3\",\"state\":\"dismissed\",\"dismissed_by\":{\"login\":\"octocat\",\"id\":1,\"node_id\":\"MDQ6VXNlcjE=\",\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/octocat\",\"html_url\":\"https://github.com/octocat\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"type\":\"User\",\"site_admin\":false},\"dismissed_at\":\"2020-02-14T12:29:18Z\",\"dismissed_reason\":\"false positive\",\"dismissed_comment\":\"This alert is not actually correct, because there's a sanitizer included in the library.\",\"rule\":{\"id\":\"js/zipslip\",\"severity\":\"error\",\"tags\":[\"security\",\"external/cwe/cwe-022\"],\"description\":\"Arbitrary file write during zip extraction\",\"name\":\"js/zipslip\"},\"tool\":{\"name\":\"CodeQL\",\"guid\":null,\"version\":\"2.4.0\"},\"most_recent_instance\":{\"ref\":\"refs/heads/main\",\"analysis_key\":\".github/workflows/codeql-analysis.yml:CodeQL-Build\",\"environment\":\"{}\",\"state\":\"open\",\"commit_sha\":\"39406e42cb832f683daa691dd652a8dc36ee8930\",\"message\":{\"text\":\"This path depends on a user-provided 
value.\"},\"location\":{\"path\":\"lib/ab12-gen.js\",\"start_line\":917,\"end_line\":917,\"start_column\":7,\"end_column\":18},\"classifications\":[]},\"instances_url\":\"https://api.github.com/repos/octocat/hello-world/code-scanning/alerts/3/instances\",\"repository\":{\"id\":1296269,\"node_id\":\"MDEwOlJlcG9zaXRvcnkxMjk2MjY5\",\"name\":\"Hello-World\",\"full_name\":\"octocat/Hello-World\",\"owner\":{\"login\":\"octocat\",\"id\":1,\"node_id\":\"MDQ6VXNlcjE=\",\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/octocat\",\"html_url\":\"https://github.com/octocat\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"type\":\"User\",\"site_admin\":false},\"private\":false,\"html_url\":\"https://github.com/octocat/Hello-World\",\"description\":\"This your first 
repo!\",\"fork\":false,\"url\":\"https://api.github.com/repos/octocat/Hello-World\",\"archive_url\":\"https://api.github.com/repos/octocat/Hello-World/{archive_format}{/ref}\",\"assignees_url\":\"https://api.github.com/repos/octocat/Hello-World/assignees{/user}\",\"blobs_url\":\"https://api.github.com/repos/octocat/Hello-World/git/blobs{/sha}\",\"branches_url\":\"https://api.github.com/repos/octocat/Hello-World/branches{/branch}\",\"collaborators_url\":\"https://api.github.com/repos/octocat/Hello-World/collaborators{/collaborator}\",\"comments_url\":\"https://api.github.com/repos/octocat/Hello-World/comments{/number}\",\"commits_url\":\"https://api.github.com/repos/octocat/Hello-World/commits{/sha}\",\"compare_url\":\"https://api.github.com/repos/octocat/Hello-World/compare/{base}...{head}\",\"contents_url\":\"https://api.github.com/repos/octocat/Hello-World/contents/{+path}\",\"contributors_url\":\"https://api.github.com/repos/octocat/Hello-World/contributors\",\"deployments_url\":\"https://api.github.com/repos/octocat/Hello-World/deployments\",\"downloads_url\":\"https://api.github.com/repos/octocat/Hello-World/downloads\",\"events_url\":\"https://api.github.com/repos/octocat/Hello-World/events\",\"forks_url\":\"https://api.github.com/repos/octocat/Hello-World/forks\",\"git_commits_url\":\"https://api.github.com/repos/octocat/Hello-World/git/commits{/sha}\",\"git_refs_url\":\"https://api.github.com/repos/octocat/Hello-World/git/refs{/sha}\",\"git_tags_url\":\"https://api.github.com/repos/octocat/Hello-World/git/tags{/sha}\",\"issue_comment_url\":\"https://api.github.com/repos/octocat/Hello-World/issues/comments{/number}\",\"issue_events_url\":\"https://api.github.com/repos/octocat/Hello-World/issues/events{/number}\",\"issues_url\":\"https://api.github.com/repos/octocat/Hello-World/issues{/number}\",\"keys_url\":\"https://api.github.com/repos/octocat/Hello-World/keys{/key_id}\",\"labels_url\":\"https://api.github.com/repos/octocat/Hello-World/labels{/name}\",\"lan
guages_url\":\"https://api.github.com/repos/octocat/Hello-World/languages\",\"merges_url\":\"https://api.github.com/repos/octocat/Hello-World/merges\",\"milestones_url\":\"https://api.github.com/repos/octocat/Hello-World/milestones{/number}\",\"notifications_url\":\"https://api.github.com/repos/octocat/Hello-World/notifications{?since,all,participating}\",\"pulls_url\":\"https://api.github.com/repos/octocat/Hello-World/pulls{/number}\",\"releases_url\":\"https://api.github.com/repos/octocat/Hello-World/releases{/id}\",\"stargazers_url\":\"https://api.github.com/repos/octocat/Hello-World/stargazers\",\"statuses_url\":\"https://api.github.com/repos/octocat/Hello-World/statuses/{sha}\",\"subscribers_url\":\"https://api.github.com/repos/octocat/Hello-World/subscribers\",\"subscription_url\":\"https://api.github.com/repos/octocat/Hello-World/subscription\",\"tags_url\":\"https://api.github.com/repos/octocat/Hello-World/tags\",\"teams_url\":\"https://api.github.com/repos/octocat/Hello-World/teams\",\"trees_url\":\"https://api.github.com/repos/octocat/Hello-World/git/trees{/sha}\",\"hooks_url\":\"https://api.github.com/repos/octocat/Hello-World/hooks\"} }", + "type": [ + "deletion" + ] }, "github": { "code_scanning": { "created_at": "2020-02-13T12:29:18Z", - "dismissed_at": "2020-02-14T12:29:18Z", + "dismissed_at": "2020-02-14T12:29:18.000Z", "dismissed_by": { "html_url": "https://github.com/octocat", "id": 1, @@ -149,9 +149,7 @@ }, "private": false, "url": "https://api.github.com/repos/octocat/Hello-World" - }, - "severity": "undefined", - "state": "dismissed" + } }, "message": "This path depends on a user-provided value.", "rule": { 
@@ -171,10 +169,11 @@ "version": "8.11.0" }, "event": { - "action": "code_scanning", "created": "2022-06-29T18:03:27.000Z", - "kind": "alert", - "original": "{\"number\":190,\"created_at\":\"2022-06-29T18:03:27Z\",\"updated_at\":\"2022-06-29T18:03:27Z\",\"url\":\"https://api.github.com/repos/sample_owner-org/sample_repo/code-scanning/alerts/190\",\"html_url\":\"https://github.com/sample_owner-org/sample_repo/security/code-scanning/190\",\"state\":\"open\",\"fixed_at\":null,\"dismissed_by\":null,\"dismissed_at\":null,\"dismissed_reason\":null,\"dismissed_comment\":null,\"rule\":{\"id\":\"js/ml-powered/xss\",\"severity\":\"error\",\"description\":\"Client-side cross-site scripting (experimental)\",\"name\":\"js/ml-powered/xss\",\"tags\":[\"experimental\",\"external/cwe/cwe-079\",\"security\"],\"security_severity_level\":\"medium\"},\"tool\":{\"name\":\"CodeQL\",\"guid\":null,\"version\":\"2.9.4\"},\"most_recent_instance\":{\"ref\":\"refs/heads/master\",\"analysis_key\":\".github/workflows/codeql-analysis.yml:analyze\",\"environment\":\"{\\\"language\\\":\\\"javascript\\\"}\",\"category\":\".github/workflows/codeql-analysis.yml:analyze/language:javascript\",\"state\":\"open\",\"commit_sha\":\"3244e8b15cc1b8f2732eecd69fc1890b737f0dda\",\"message\":{\"text\":\"(Experimental) This may be a cross-site scripting vulnerability due to a user-provided value. Identified using machine learning.\\n(Experimental) This may be a cross-site scripting vulnerability due to a user-provided value. Identified using machine learning.\\n(Experimental) This may be a cross-site scripting vulnerability due to a user-provided value. 
Identified using machine learning.\"},\"location\":{\"path\":\"routes/vulnCodeSnippet.ts\",\"start_line\":62,\"end_line\":62,\"start_column\":11,\"end_column\":18},\"classifications\":[]},\"instances_url\":\"https://api.github.com/repos/sample_owner-org/sample_repo/code-scanning/alerts/190/instances\" }" + "original": "{\"number\":190,\"created_at\":\"2022-06-29T18:03:27Z\",\"updated_at\":\"2022-06-29T18:03:27Z\",\"url\":\"https://api.github.com/repos/sample_owner-org/sample_repo/code-scanning/alerts/190\",\"html_url\":\"https://github.com/sample_owner-org/sample_repo/security/code-scanning/190\",\"state\":\"open\",\"fixed_at\":null,\"dismissed_by\":null,\"dismissed_at\":null,\"dismissed_reason\":null,\"dismissed_comment\":null,\"rule\":{\"id\":\"js/ml-powered/xss\",\"severity\":\"error\",\"description\":\"Client-side cross-site scripting (experimental)\",\"name\":\"js/ml-powered/xss\",\"tags\":[\"experimental\",\"external/cwe/cwe-079\",\"security\"],\"security_severity_level\":\"medium\"},\"tool\":{\"name\":\"CodeQL\",\"guid\":null,\"version\":\"2.9.4\"},\"most_recent_instance\":{\"ref\":\"refs/heads/master\",\"analysis_key\":\".github/workflows/codeql-analysis.yml:analyze\",\"environment\":\"{\\\"language\\\":\\\"javascript\\\"}\",\"category\":\".github/workflows/codeql-analysis.yml:analyze/language:javascript\",\"state\":\"open\",\"commit_sha\":\"3244e8b15cc1b8f2732eecd69fc1890b737f0dda\",\"message\":{\"text\":\"(Experimental) This may be a cross-site scripting vulnerability due to a user-provided value. Identified using machine learning.\\n(Experimental) This may be a cross-site scripting vulnerability due to a user-provided value. Identified using machine learning.\\n(Experimental) This may be a cross-site scripting vulnerability due to a user-provided value. 
Identified using machine learning.\"},\"location\":{\"path\":\"routes/vulnCodeSnippet.ts\",\"start_line\":62,\"end_line\":62,\"start_column\":11,\"end_column\":18},\"classifications\":[]},\"instances_url\":\"https://api.github.com/repos/sample_owner-org/sample_repo/code-scanning/alerts/190/instances\" }", + "type": [ + "creation" + ] }, "github": { "code_scanning": { @@ -216,9 +215,7 @@ "login": "sample_owner-org" }, "url": "https://api.github.com/repos/sample_owner-org/sample_repo" - }, - "severity": "medium", - "state": "open" + } }, "message": "(Experimental) This may be a cross-site scripting vulnerability due to a user-provided value. Identified using machine learning.\n(Experimental) This may be a cross-site scripting vulnerability due to a user-provided value. Identified using machine learning.\n(Experimental) This may be a cross-site scripting vulnerability due to a user-provided value. Identified using machine learning.", "rule": { 
@@ -239,15 +236,16 @@ "version": "8.11.0" }, "event": { - "action": "code_scanning", "created": "2022-06-29T18:03:27.000Z", - "kind": "alert", - "original": "{\"number\":189,\"created_at\":\"2022-06-29T18:03:27Z\",\"updated_at\":\"2022-07-07T17:10:47Z\",\"url\":\"https://api.github.com/repos/sample_owner-org/sample_repo/code-scanning/alerts/189\",\"html_url\":\"https://github.com/sample_owner-org/sample_repo/security/code-scanning/189\",\"state\":\"dismissed\",\"fixed_at\":null,\"dismissed_by\":{\"login\":\"sample_owner\",\"id\":11301409,\"node_id\":\"MDQ6VXNlcjExMzAxNDA5\",\"avatar_url\":\"https://avatars.githubusercontent.com/u/11301409?v=4\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/sample_owner\",\"html_url\":\"https://github.com/sample_owner\",\"followers_url\":\"https://api.github.com/users/sample_owner/followers\",\"following_url\":\"https://api.github.com/users/sample_owner/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/sample_owner/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/sample_owner/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/sample_owner/subscriptions\",\"organizations_url\":\"https://api.github.com/users/sample_owner/orgs\",\"repos_url\":\"https://api.github.com/users/sample_owner/repos\",\"events_url\":\"https://api.github.com/users/sample_owner/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/sample_owner/received_events\",\"type\":\"User\",\"site_admin\":false},\"dismissed_at\":\"2022-07-07T17:10:47Z\",\"dismissed_reason\":\"false positive\",\"dismissed_comment\":null,\"rule\":{\"id\":\"js/ml-powered/xss\",\"severity\":\"error\",\"description\":\"Client-side cross-site scripting 
(experimental)\",\"name\":\"js/ml-powered/xss\",\"tags\":[\"experimental\",\"external/cwe/cwe-079\",\"security\"],\"security_severity_level\":\"medium\"},\"tool\":{\"name\":\"CodeQL\",\"guid\":null,\"version\":\"2.9.4\"},\"most_recent_instance\":{\"ref\":\"refs/heads/master\",\"analysis_key\":\".github/workflows/codeql-analysis.yml:analyze\",\"environment\":\"{\\\"language\\\":\\\"javascript\\\"}\",\"category\":\".github/workflows/codeql-analysis.yml:analyze/language:javascript\",\"state\":\"dismissed\",\"commit_sha\":\"3244e8b15cc1b8f2732eecd69fc1890b737f0dda\",\"message\":{\"text\":\"(Experimental) This may be a cross-site scripting vulnerability due to a user-provided value. Identified using machine learning.\\n(Experimental) This may be a cross-site scripting vulnerability due to a user-provided value. Identified using machine learning.\\n(Experimental) This may be a cross-site scripting vulnerability due to a user-provided value. Identified using machine learning.\"},\"location\":{\"path\":\"routes/vulnCodeSnippet.ts\",\"start_line\":54,\"end_line\":54,\"start_column\":11,\"end_column\":18},\"classifications\":[]},\"instances_url\":\"https://api.github.com/repos/sample_owner-org/sample_repo/code-scanning/alerts/189/instances\" }" + "original": 
"{\"number\":189,\"created_at\":\"2022-06-29T18:03:27Z\",\"updated_at\":\"2022-07-07T17:10:47Z\",\"url\":\"https://api.github.com/repos/sample_owner-org/sample_repo/code-scanning/alerts/189\",\"html_url\":\"https://github.com/sample_owner-org/sample_repo/security/code-scanning/189\",\"state\":\"dismissed\",\"fixed_at\":null,\"dismissed_by\":{\"login\":\"sample_owner\",\"id\":11301409,\"node_id\":\"MDQ6VXNlcjExMzAxNDA5\",\"avatar_url\":\"https://avatars.githubusercontent.com/u/11301409?v=4\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/sample_owner\",\"html_url\":\"https://github.com/sample_owner\",\"followers_url\":\"https://api.github.com/users/sample_owner/followers\",\"following_url\":\"https://api.github.com/users/sample_owner/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/sample_owner/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/sample_owner/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/sample_owner/subscriptions\",\"organizations_url\":\"https://api.github.com/users/sample_owner/orgs\",\"repos_url\":\"https://api.github.com/users/sample_owner/repos\",\"events_url\":\"https://api.github.com/users/sample_owner/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/sample_owner/received_events\",\"type\":\"User\",\"site_admin\":false},\"dismissed_at\":\"2022-07-07T17:10:47Z\",\"dismissed_reason\":\"false positive\",\"dismissed_comment\":null,\"rule\":{\"id\":\"js/ml-powered/xss\",\"severity\":\"error\",\"description\":\"Client-side cross-site scripting 
(experimental)\",\"name\":\"js/ml-powered/xss\",\"tags\":[\"experimental\",\"external/cwe/cwe-079\",\"security\"],\"security_severity_level\":\"medium\"},\"tool\":{\"name\":\"CodeQL\",\"guid\":null,\"version\":\"2.9.4\"},\"most_recent_instance\":{\"ref\":\"refs/heads/master\",\"analysis_key\":\".github/workflows/codeql-analysis.yml:analyze\",\"environment\":\"{\\\"language\\\":\\\"javascript\\\"}\",\"category\":\".github/workflows/codeql-analysis.yml:analyze/language:javascript\",\"state\":\"dismissed\",\"commit_sha\":\"3244e8b15cc1b8f2732eecd69fc1890b737f0dda\",\"message\":{\"text\":\"(Experimental) This may be a cross-site scripting vulnerability due to a user-provided value. Identified using machine learning.\\n(Experimental) This may be a cross-site scripting vulnerability due to a user-provided value. Identified using machine learning.\\n(Experimental) This may be a cross-site scripting vulnerability due to a user-provided value. Identified using machine learning.\"},\"location\":{\"path\":\"routes/vulnCodeSnippet.ts\",\"start_line\":54,\"end_line\":54,\"start_column\":11,\"end_column\":18},\"classifications\":[]},\"instances_url\":\"https://api.github.com/repos/sample_owner-org/sample_repo/code-scanning/alerts/189/instances\" }", + "type": [ + "deletion" + ] }, "github": { "code_scanning": { "created_at": "2022-06-29T18:03:27Z", - "dismissed_at": "2022-07-07T17:10:47Z", + "dismissed_at": "2022-07-07T17:10:47.000Z", "dismissed_by": { "html_url": "https://github.com/sample_owner", "id": 11301409, 
@@ -297,9 +295,7 @@ "login": "sample_owner-org" }, "url": "https://api.github.com/repos/sample_owner-org/sample_repo" - }, - "severity": "medium", - "state": "dismissed" + } }, "message": "(Experimental) This may be a cross-site scripting vulnerability due to a user-provided value. Identified using machine learning.\n(Experimental) This may be a cross-site scripting vulnerability due to a user-provided value. Identified using machine learning.\n(Experimental) This may be a cross-site scripting vulnerability due to a user-provided value. Identified using machine learning.", "rule": { 
@@ -320,10 +316,11 @@ "version": "8.11.0" }, "event": { - "action": "code_scanning", "created": "2022-06-29T18:03:27.000Z", - "kind": "alert", - "original": "{\"number\":188,\"created_at\":\"2022-06-29T18:03:27Z\",\"updated_at\":\"2022-06-29T18:03:27Z\",\"url\":\"https://api.github.com/repos/sample_owner-org/sample_repo/code-scanning/alerts/188\",\"html_url\":\"https://github.com/sample_owner-org/sample_repo/security/code-scanning/188\",\"state\":\"open\",\"fixed_at\":null,\"dismissed_by\":null,\"dismissed_at\":null,\"dismissed_reason\":null,\"dismissed_comment\":null,\"rule\":{\"id\":\"js/ml-powered/xss\",\"severity\":\"error\",\"description\":\"Client-side cross-site scripting (experimental)\",\"name\":\"js/ml-powered/xss\",\"tags\":[\"experimental\",\"external/cwe/cwe-079\",\"security\"],\"security_severity_level\":\"medium\"},\"tool\":{\"name\":\"CodeQL\",\"guid\":null,\"version\":\"2.9.4\"},\"most_recent_instance\":{\"ref\":\"refs/heads/master\",\"analysis_key\":\".github/workflows/codeql-analysis.yml:analyze\",\"environment\":\"{\\\"language\\\":\\\"javascript\\\"}\",\"category\":\".github/workflows/codeql-analysis.yml:analyze/language:javascript\",\"state\":\"open\",\"commit_sha\":\"3244e8b15cc1b8f2732eecd69fc1890b737f0dda\",\"message\":{\"text\":\"(Experimental) This may be a cross-site scripting vulnerability due to a user-provided value. 
Identified using machine learning.\"},\"location\":{\"path\":\"routes/saveLoginIp.ts\",\"start_line\":28,\"end_line\":28,\"start_column\":37,\"end_column\":60},\"classifications\":[]},\"instances_url\":\"https://api.github.com/repos/sample_owner-org/sample_repo/code-scanning/alerts/188/instances\"}" + "original": "{\"number\":188,\"created_at\":\"2022-06-29T18:03:27Z\",\"updated_at\":\"2022-06-29T18:03:27Z\",\"url\":\"https://api.github.com/repos/sample_owner-org/sample_repo/code-scanning/alerts/188\",\"html_url\":\"https://github.com/sample_owner-org/sample_repo/security/code-scanning/188\",\"state\":\"open\",\"fixed_at\":null,\"dismissed_by\":null,\"dismissed_at\":null,\"dismissed_reason\":null,\"dismissed_comment\":null,\"rule\":{\"id\":\"js/ml-powered/xss\",\"severity\":\"error\",\"description\":\"Client-side cross-site scripting (experimental)\",\"name\":\"js/ml-powered/xss\",\"tags\":[\"experimental\",\"external/cwe/cwe-079\",\"security\"],\"security_severity_level\":\"medium\"},\"tool\":{\"name\":\"CodeQL\",\"guid\":null,\"version\":\"2.9.4\"},\"most_recent_instance\":{\"ref\":\"refs/heads/master\",\"analysis_key\":\".github/workflows/codeql-analysis.yml:analyze\",\"environment\":\"{\\\"language\\\":\\\"javascript\\\"}\",\"category\":\".github/workflows/codeql-analysis.yml:analyze/language:javascript\",\"state\":\"open\",\"commit_sha\":\"3244e8b15cc1b8f2732eecd69fc1890b737f0dda\",\"message\":{\"text\":\"(Experimental) This may be a cross-site scripting vulnerability due to a user-provided value. Identified using machine learning.\"},\"location\":{\"path\":\"routes/saveLoginIp.ts\",\"start_line\":28,\"end_line\":28,\"start_column\":37,\"end_column\":60},\"classifications\":[]},\"instances_url\":\"https://api.github.com/repos/sample_owner-org/sample_repo/code-scanning/alerts/188/instances\"}", + "type": [ + "creation" + ] }, "github": { "code_scanning": { 
@@ -365,9 +362,7 @@ "login": "sample_owner-org" }, "url": "https://api.github.com/repos/sample_owner-org/sample_repo" - }, - "severity": "medium", - "state": "open" + } }, "message": "(Experimental) This may be a cross-site scripting vulnerability due to a user-provided value. Identified using machine learning.", "rule": { 
@@ -388,10 +383,11 @@ "version": "8.11.0" }, "event": { - "action": "code_scanning", "created": "2022-06-29T18:03:27.000Z", - "kind": "alert", - "original": "{\"number\":187,\"created_at\":\"2022-06-29T18:03:27Z\",\"updated_at\":\"2022-06-29T18:03:27Z\",\"url\":\"https://api.github.com/repos/sample_owner-org/sample_repo/code-scanning/alerts/187\",\"html_url\":\"https://github.com/sample_owner-org/sample_repo/security/code-scanning/187\",\"state\":\"open\",\"fixed_at\":null,\"dismissed_by\":null,\"dismissed_at\":null,\"dismissed_reason\":null,\"dismissed_comment\":null,\"rule\":{\"id\":\"js/ml-powered/xss\",\"severity\":\"error\",\"description\":\"Client-side cross-site scripting (experimental)\",\"name\":\"js/ml-powered/xss\",\"tags\":[\"experimental\",\"external/cwe/cwe-079\",\"security\"],\"security_severity_level\":\"medium\"},\"tool\":{\"name\":\"CodeQL\",\"guid\":null,\"version\":\"2.9.4\"},\"most_recent_instance\":{\"ref\":\"refs/heads/master\",\"analysis_key\":\".github/workflows/codeql-analysis.yml:analyze\",\"environment\":\"{\\\"language\\\":\\\"javascript\\\"}\",\"category\":\".github/workflows/codeql-analysis.yml:analyze/language:javascript\",\"state\":\"open\",\"commit_sha\":\"3244e8b15cc1b8f2732eecd69fc1890b737f0dda\",\"message\":{\"text\":\"(Experimental) This may be a cross-site scripting vulnerability due to a user-provided value. 
Identified using machine learning.\"},\"location\":{\"path\":\"routes/profileImageUrlUpload.ts\",\"start_line\":33,\"end_line\":33,\"start_column\":144,\"end_column\":147},\"classifications\":[]},\"instances_url\":\"https://api.github.com/repos/sample_owner-org/sample_repo/code-scanning/alerts/187/instances\"}" + "original": "{\"number\":187,\"created_at\":\"2022-06-29T18:03:27Z\",\"updated_at\":\"2022-06-29T18:03:27Z\",\"url\":\"https://api.github.com/repos/sample_owner-org/sample_repo/code-scanning/alerts/187\",\"html_url\":\"https://github.com/sample_owner-org/sample_repo/security/code-scanning/187\",\"state\":\"open\",\"fixed_at\":null,\"dismissed_by\":null,\"dismissed_at\":null,\"dismissed_reason\":null,\"dismissed_comment\":null,\"rule\":{\"id\":\"js/ml-powered/xss\",\"severity\":\"error\",\"description\":\"Client-side cross-site scripting (experimental)\",\"name\":\"js/ml-powered/xss\",\"tags\":[\"experimental\",\"external/cwe/cwe-079\",\"security\"],\"security_severity_level\":\"medium\"},\"tool\":{\"name\":\"CodeQL\",\"guid\":null,\"version\":\"2.9.4\"},\"most_recent_instance\":{\"ref\":\"refs/heads/master\",\"analysis_key\":\".github/workflows/codeql-analysis.yml:analyze\",\"environment\":\"{\\\"language\\\":\\\"javascript\\\"}\",\"category\":\".github/workflows/codeql-analysis.yml:analyze/language:javascript\",\"state\":\"open\",\"commit_sha\":\"3244e8b15cc1b8f2732eecd69fc1890b737f0dda\",\"message\":{\"text\":\"(Experimental) This may be a cross-site scripting vulnerability due to a user-provided value. Identified using machine learning.\"},\"location\":{\"path\":\"routes/profileImageUrlUpload.ts\",\"start_line\":33,\"end_line\":33,\"start_column\":144,\"end_column\":147},\"classifications\":[]},\"instances_url\":\"https://api.github.com/repos/sample_owner-org/sample_repo/code-scanning/alerts/187/instances\"}", + "type": [ + "creation" + ] }, "github": { "code_scanning": { 
@@ -433,9 +429,7 @@ "login": "sample_owner-org" }, "url": "https://api.github.com/repos/sample_owner-org/sample_repo" - }, - "severity": "medium", - "state": "open" + } }, "message": "(Experimental) This may be a cross-site scripting vulnerability due to a user-provided value. Identified using machine learning.", "rule": { 
@@ -456,10 +450,11 @@ "version": "8.11.0" }, "event": { - "action": "code_scanning", "created": "2022-06-29T06:26:37.000Z", - "kind": "alert", - "original": "{\"number\":90,\"created_at\":\"2022-06-29T06:26:37Z\",\"updated_at\":\"2022-08-01T23:53:17Z\",\"url\":\"https://api.github.com/repos/kcreddy/juice-shop/code-scanning/alerts/90\",\"html_url\":\"https://github.com/kcreddy/juice-shop/security/code-scanning/90\",\"state\":\"open\",\"fixed_at\":null,\"dismissed_by\":null,\"dismissed_at\":null,\"dismissed_reason\":null,\"dismissed_comment\":null,\"rule\":{\"id\":\"js/insufficient-password-hash\",\"severity\":\"warning\",\"description\":\"Use of password hash with insufficient computational effort\",\"name\":\"js/insufficient-password-hash\",\"tags\":[\"external/cwe/cwe-916\",\"security\"],\"security_severity_level\":\"high\"},\"tool\":{\"name\":\"CodeQL\",\"guid\":null,\"version\":\"2.10.0\"},\"most_recent_instance\":{\"ref\":\"refs/heads/master\",\"analysis_key\":\".github/workflows/codeql-analysis.yml:analyze\",\"environment\":\"{\\\"language\\\":\\\"javascript\\\"}\",\"category\":\".github/workflows/codeql-analysis.yml:analyze/language:javascript\",\"state\":\"open\",\"commit_sha\":\"99b8afe2c5940a5f4b722b3eb0e3b657603c4607\",\"message\":{\"text\":\"Password from an access to clearTextPassword is hashed insecurely.\\nPassword from an access to password is hashed insecurely.\\nPassword from an access to password is hashed insecurely.\\nPassword from an access to currentPassword is hashed insecurely.\\nPassword from an access to password is hashed insecurely.\"},\"location\":{\"path\":\"lib/insecurity.ts\",\"start_line\":42,\"end_line\":42,\"start_column\":66,\"end_column\":70},\"classifications\":[]},\"instances_url\":\"https://api.github.com/repos/kcreddy/juice-shop/code-scanning/alerts/90/instances\"}" + "original": 
"{\"number\":90,\"created_at\":\"2022-06-29T06:26:37Z\",\"updated_at\":\"2022-08-01T23:53:17Z\",\"url\":\"https://api.github.com/repos/kcreddy/juice-shop/code-scanning/alerts/90\",\"html_url\":\"https://github.com/kcreddy/juice-shop/security/code-scanning/90\",\"state\":\"open\",\"fixed_at\":null,\"dismissed_by\":null,\"dismissed_at\":null,\"dismissed_reason\":null,\"dismissed_comment\":null,\"rule\":{\"id\":\"js/insufficient-password-hash\",\"severity\":\"warning\",\"description\":\"Use of password hash with insufficient computational effort\",\"name\":\"js/insufficient-password-hash\",\"tags\":[\"external/cwe/cwe-916\",\"security\"],\"security_severity_level\":\"high\"},\"tool\":{\"name\":\"CodeQL\",\"guid\":null,\"version\":\"2.10.0\"},\"most_recent_instance\":{\"ref\":\"refs/heads/master\",\"analysis_key\":\".github/workflows/codeql-analysis.yml:analyze\",\"environment\":\"{\\\"language\\\":\\\"javascript\\\"}\",\"category\":\".github/workflows/codeql-analysis.yml:analyze/language:javascript\",\"state\":\"open\",\"commit_sha\":\"99b8afe2c5940a5f4b722b3eb0e3b657603c4607\",\"message\":{\"text\":\"Password from an access to clearTextPassword is hashed insecurely.\\nPassword from an access to password is hashed insecurely.\\nPassword from an access to password is hashed insecurely.\\nPassword from an access to currentPassword is hashed insecurely.\\nPassword from an access to password is hashed insecurely.\"},\"location\":{\"path\":\"lib/insecurity.ts\",\"start_line\":42,\"end_line\":42,\"start_column\":66,\"end_column\":70},\"classifications\":[]},\"instances_url\":\"https://api.github.com/repos/kcreddy/juice-shop/code-scanning/alerts/90/instances\"}", + "type": [ + "creation" + ] }, "github": { "code_scanning": { 
@@ -501,9 +496,7 @@ "login": "kcreddy" }, "url": "https://api.github.com/repos/kcreddy/juice-shop" - }, - "severity": "high", - "state": "open" + } }, "message": "Password from an access to clearTextPassword is hashed insecurely.\nPassword from an access to password is hashed insecurely.\nPassword from an access to password is hashed insecurely.\nPassword from an access to currentPassword is hashed insecurely.\nPassword from an access to password is hashed insecurely.", "rule": { 
@@ -523,15 +516,16 @@ "version": "8.11.0" }, "event": { - "action": "code_scanning", "created": "2022-06-29T06:26:37.000Z", - "kind": "alert", - "original": "{\"number\":91,\"created_at\":\"2022-06-29T06:26:37Z\",\"updated_at\":\"2022-08-01T23:53:17Z\",\"url\":\"https://api.github.com/repos/kcreddy/juice-shop/code-scanning/alerts/91\",\"html_url\":\"https://github.com/kcreddy/juice-shop/security/code-scanning/91\",\"state\":\"dismissed\",\"fixed_at\":null,\"dismissed_by\":{\"login\":\"kcreddy\",\"id\":11301409,\"node_id\":\"MDQ6VXNlcjExMzAxNDA5\",\"avatar_url\":\"https://avatars.githubusercontent.com/u/11301409?v=4\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/kcreddy\",\"html_url\":\"https://github.com/kcreddy\",\"followers_url\":\"https://api.github.com/users/kcreddy/followers\",\"following_url\":\"https://api.github.com/users/kcreddy/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/kcreddy/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/kcreddy/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/kcreddy/subscriptions\",\"organizations_url\":\"https://api.github.com/users/kcreddy/orgs\",\"repos_url\":\"https://api.github.com/users/kcreddy/repos\",\"events_url\":\"https://api.github.com/users/kcreddy/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/kcreddy/received_events\",\"type\":\"User\",\"site_admin\":false},\"dismissed_at\":\"2022-07-20T11:40:20Z\",\"dismissed_reason\":\"false positive\",\"dismissed_comment\":\"This is a false positive alert\",\"rule\":{\"id\":\"js/request-forgery\",\"severity\":\"error\",\"description\":\"Server-side request 
forgery\",\"name\":\"js/request-forgery\",\"tags\":[\"external/cwe/cwe-918\",\"security\"],\"security_severity_level\":\"critical\"},\"tool\":{\"name\":\"CodeQL\",\"guid\":null,\"version\":\"2.10.0\"},\"most_recent_instance\":{\"ref\":\"refs/heads/master\",\"analysis_key\":\".github/workflows/codeql-analysis.yml:analyze\",\"environment\":\"{\\\"language\\\":\\\"javascript\\\"}\",\"category\":\".github/workflows/codeql-analysis.yml:analyze/language:javascript\",\"state\":\"dismissed\",\"commit_sha\":\"99b8afe2c5940a5f4b722b3eb0e3b657603c4607\",\"message\":{\"text\":\"The URL of this request depends on a user-provided value.\"},\"location\":{\"path\":\"routes/profileImageUrlUpload.ts\",\"start_line\":22,\"end_line\":23,\"start_column\":30,\"end_column\":20},\"classifications\":[]},\"instances_url\":\"https://api.github.com/repos/kcreddy/juice-shop/code-scanning/alerts/91/instances\"}" + "original": "{\"number\":91,\"created_at\":\"2022-06-29T06:26:37Z\",\"updated_at\":\"2022-08-01T23:53:17Z\",\"url\":\"https://api.github.com/repos/kcreddy/juice-shop/code-scanning/alerts/91\",\"html_url\":\"https://github.com/kcreddy/juice-shop/security/code-scanning/91\",\"state\":\"dismissed\",\"fixed_at\":null,\"dismissed_by\":{\"login\":\"kcreddy\",\"id\":11301409,\"node_id\":\"MDQ6VXNlcjExMzAxNDA5\",\"avatar_url\":\"https://avatars.githubusercontent.com/u/11301409?v=4\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/kcreddy\",\"html_url\":\"https://github.com/kcreddy\",\"followers_url\":\"https://api.github.com/users/kcreddy/followers\",\"following_url\":\"https://api.github.com/users/kcreddy/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/kcreddy/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/kcreddy/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/kcreddy/subscriptions\",\"organizations_url\":\"https://api.github.com/users/kcreddy/orgs\",\"repos_url\":\"https://api.github.com/users/kcreddy/repos\",
\"events_url\":\"https://api.github.com/users/kcreddy/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/kcreddy/received_events\",\"type\":\"User\",\"site_admin\":false},\"dismissed_at\":\"2022-07-20T11:40:20Z\",\"dismissed_reason\":\"false positive\",\"dismissed_comment\":\"This is a false positive alert\",\"rule\":{\"id\":\"js/request-forgery\",\"severity\":\"error\",\"description\":\"Server-side request forgery\",\"name\":\"js/request-forgery\",\"tags\":[\"external/cwe/cwe-918\",\"security\"],\"security_severity_level\":\"critical\"},\"tool\":{\"name\":\"CodeQL\",\"guid\":null,\"version\":\"2.10.0\"},\"most_recent_instance\":{\"ref\":\"refs/heads/master\",\"analysis_key\":\".github/workflows/codeql-analysis.yml:analyze\",\"environment\":\"{\\\"language\\\":\\\"javascript\\\"}\",\"category\":\".github/workflows/codeql-analysis.yml:analyze/language:javascript\",\"state\":\"dismissed\",\"commit_sha\":\"99b8afe2c5940a5f4b722b3eb0e3b657603c4607\",\"message\":{\"text\":\"The URL of this request depends on a user-provided value.\"},\"location\":{\"path\":\"routes/profileImageUrlUpload.ts\",\"start_line\":22,\"end_line\":23,\"start_column\":30,\"end_column\":20},\"classifications\":[]},\"instances_url\":\"https://api.github.com/repos/kcreddy/juice-shop/code-scanning/alerts/91/instances\"}", + "type": [ + "deletion" + ] }, "github": { "code_scanning": { "created_at": "2022-06-29T06:26:37Z", - "dismissed_at": "2022-07-20T11:40:20Z", + "dismissed_at": "2022-07-20T11:40:20.000Z", "dismissed_by": { "html_url": "https://github.com/kcreddy", "id": 11301409, @@ -582,9 +576,7 @@ "login": "kcreddy" }, "url": "https://api.github.com/repos/kcreddy/juice-shop" - }, - "severity": "critical", - "state": "dismissed" + } }, "message": "The URL of this request depends on a user-provided value.", "rule": { 
@@ -604,15 +596,16 @@ "version": "8.11.0" }, "event": { - "action": "code_scanning", "created": "2022-06-29T06:26:37.000Z", - "kind": "alert", - "original": "{\"number\":83,\"created_at\":\"2022-06-29T06:26:37Z\",\"updated_at\":\"2022-08-01T23:53:17Z\",\"url\":\"https://api.github.com/repos/kcreddy/juice-shop/code-scanning/alerts/83\",\"html_url\":\"https://github.com/kcreddy/juice-shop/security/code-scanning/83\",\"state\":\"dismissed\",\"fixed_at\":null,\"dismissed_by\":{\"login\":\"kcreddy\",\"id\":11301409,\"node_id\":\"MDQ6VXNlcjExMzAxNDA5\",\"avatar_url\":\"https://avatars.githubusercontent.com/u/11301409?v=4\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/kcreddy\",\"html_url\":\"https://github.com/kcreddy\",\"followers_url\":\"https://api.github.com/users/kcreddy/followers\",\"following_url\":\"https://api.github.com/users/kcreddy/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/kcreddy/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/kcreddy/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/kcreddy/subscriptions\",\"organizations_url\":\"https://api.github.com/users/kcreddy/orgs\",\"repos_url\":\"https://api.github.com/users/kcreddy/repos\",\"events_url\":\"https://api.github.com/users/kcreddy/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/kcreddy/received_events\",\"type\":\"User\",\"site_admin\":false},\"dismissed_at\":\"2022-07-08T11:58:58Z\",\"dismissed_reason\":\"used in tests\",\"dismissed_comment\":\"used it tests\",\"rule\":{\"id\":\"js/hardcoded-credentials\",\"severity\":\"warning\",\"description\":\"Hard-coded 
credentials\",\"name\":\"js/hardcoded-credentials\",\"tags\":[\"external/cwe/cwe-259\",\"external/cwe/cwe-321\",\"external/cwe/cwe-798\",\"security\"],\"security_severity_level\":\"critical\"},\"tool\":{\"name\":\"CodeQL\",\"guid\":null,\"version\":\"2.10.0\"},\"most_recent_instance\":{\"ref\":\"refs/heads/master\",\"analysis_key\":\".github/workflows/codeql-analysis.yml:analyze\",\"environment\":\"{\\\"language\\\":\\\"javascript\\\"}\",\"category\":\".github/workflows/codeql-analysis.yml:analyze/language:javascript\",\"state\":\"dismissed\",\"commit_sha\":\"99b8afe2c5940a5f4b722b3eb0e3b657603c4607\",\"message\":{\"text\":\"The hard-coded value \\\"Bearer eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJkYXRhIjp7ImVtYWlsIjoiand0bjNkQGp1aWNlLXNoLm9wIn0sImlhdCI6MTUwODYzOTYxMiwiZXhwIjo5OTk5OTk5OTk5fQ.\\\" is used as authorization header.\"},\"location\":{\"path\":\"test/server/verifySpec.ts\",\"start_line\":262,\"end_line\":262,\"start_column\":38,\"end_column\":182},\"classifications\":[\"test\"]},\"instances_url\":\"https://api.github.com/repos/kcreddy/juice-shop/code-scanning/alerts/83/instances\"}" + "original": 
"{\"number\":83,\"created_at\":\"2022-06-29T06:26:37Z\",\"updated_at\":\"2022-08-01T23:53:17Z\",\"url\":\"https://api.github.com/repos/kcreddy/juice-shop/code-scanning/alerts/83\",\"html_url\":\"https://github.com/kcreddy/juice-shop/security/code-scanning/83\",\"state\":\"dismissed\",\"fixed_at\":null,\"dismissed_by\":{\"login\":\"kcreddy\",\"id\":11301409,\"node_id\":\"MDQ6VXNlcjExMzAxNDA5\",\"avatar_url\":\"https://avatars.githubusercontent.com/u/11301409?v=4\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/kcreddy\",\"html_url\":\"https://github.com/kcreddy\",\"followers_url\":\"https://api.github.com/users/kcreddy/followers\",\"following_url\":\"https://api.github.com/users/kcreddy/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/kcreddy/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/kcreddy/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/kcreddy/subscriptions\",\"organizations_url\":\"https://api.github.com/users/kcreddy/orgs\",\"repos_url\":\"https://api.github.com/users/kcreddy/repos\",\"events_url\":\"https://api.github.com/users/kcreddy/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/kcreddy/received_events\",\"type\":\"User\",\"site_admin\":false},\"dismissed_at\":\"2022-07-08T11:58:58Z\",\"dismissed_reason\":\"used in tests\",\"dismissed_comment\":\"used it tests\",\"rule\":{\"id\":\"js/hardcoded-credentials\",\"severity\":\"warning\",\"description\":\"Hard-coded 
credentials\",\"name\":\"js/hardcoded-credentials\",\"tags\":[\"external/cwe/cwe-259\",\"external/cwe/cwe-321\",\"external/cwe/cwe-798\",\"security\"],\"security_severity_level\":\"critical\"},\"tool\":{\"name\":\"CodeQL\",\"guid\":null,\"version\":\"2.10.0\"},\"most_recent_instance\":{\"ref\":\"refs/heads/master\",\"analysis_key\":\".github/workflows/codeql-analysis.yml:analyze\",\"environment\":\"{\\\"language\\\":\\\"javascript\\\"}\",\"category\":\".github/workflows/codeql-analysis.yml:analyze/language:javascript\",\"state\":\"dismissed\",\"commit_sha\":\"99b8afe2c5940a5f4b722b3eb0e3b657603c4607\",\"message\":{\"text\":\"The hard-coded value \\\"Bearer eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJkYXRhIjp7ImVtYWlsIjoiand0bjNkQGp1aWNlLXNoLm9wIn0sImlhdCI6MTUwODYzOTYxMiwiZXhwIjo5OTk5OTk5OTk5fQ.\\\" is used as authorization header.\"},\"location\":{\"path\":\"test/server/verifySpec.ts\",\"start_line\":262,\"end_line\":262,\"start_column\":38,\"end_column\":182},\"classifications\":[\"test\"]},\"instances_url\":\"https://api.github.com/repos/kcreddy/juice-shop/code-scanning/alerts/83/instances\"}", + "type": [ + "deletion" + ] }, "github": { "code_scanning": { "created_at": "2022-06-29T06:26:37Z", - "dismissed_at": "2022-07-08T11:58:58Z", + "dismissed_at": "2022-07-08T11:58:58.000Z", "dismissed_by": { "html_url": "https://github.com/kcreddy", "id": 11301409, @@ -666,9 +659,7 @@ "login": "kcreddy" }, "url": "https://api.github.com/repos/kcreddy/juice-shop" - }, - "severity": "critical", - "state": "dismissed" + } }, "message": "The hard-coded value \"Bearer eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJkYXRhIjp7ImVtYWlsIjoiand0bjNkQGp1aWNlLXNoLm9wIn0sImlhdCI6MTUwODYzOTYxMiwiZXhwIjo5OTk5OTk5OTk5fQ.\" is used as authorization header.", "rule": { diff --git a/packages/github/data_stream/code_scanning/elasticsearch/ingest_pipeline/default.yml b/packages/github/data_stream/code_scanning/elasticsearch/ingest_pipeline/default.yml index 22cdeb30aea7..5a4adf23d80c 100644 
--- a/packages/github/data_stream/code_scanning/elasticsearch/ingest_pipeline/default.yml +++ b/packages/github/data_stream/code_scanning/elasticsearch/ingest_pipeline/default.yml @@ -4,12 +4,6 @@ processors: - set: field: ecs.version value: '8.11.0' - - set: - field: event.action - value: "code_scanning" - - set: - field: event.kind - value: "alert" - rename: field: message target_field: event.original @@ -21,12 +15,19 @@ processors: - fail: if: "!(ctx.github.code_scanning instanceof Map)" message: Missing JSON object - - fingerprint: - fields: - - github.code_scanning.number - - github.code_scanning.updated_at - target_field: "_id" + - remove: + field: + - event.kind ignore_missing: true + description: Fields defined as constant_keyword are removed from _source for storage efficiency. + - append: + field: event.type + value: creation + if: ctx.github?.code_scanning?.fixed_at == null && ctx.github?.code_scanning?.dismissed_at == null + - append: + field: event.type + value: deletion + if: ctx.github?.code_scanning?.fixed_at != null || ctx.github?.code_scanning?.dismissed_at != null - date: field: github.code_scanning.created_at formats: @@ -48,6 +49,13 @@ processors: timezone: UTC target_field: "@timestamp" if: ctx.github.code_scanning.updated_at != null + - date: + field: github.code_scanning.dismissed_at + formats: + - ISO8601 + timezone: UTC + target_field: github.code_scanning.dismissed_at + if: ctx.github?.code_scanning?.dismissed_at != null - rename: target_field: _temp field: github.code_scanning.repository 
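Review bot: In the `@@ -21,12 +15,19 @@` hunk, the two `append` processors for `event.type` decide only on `fixed_at` and `dismissed_at`, so every open alert is tagged `creation`, however many times it has been updated. The sample for alert 90 in the expected test output shows this: `updated_at` is more than a month after `created_at` and it still gets `creation`, and since `updated_at` is part of the document `_id`, each update is stored as another "creation" event and counts of new alerts will be inflated. Consider narrowing the first condition, for example by adding `&& ctx.github?.code_scanning?.created_at == ctx.github?.code_scanning?.updated_at`, and emitting `change` for the remaining open case. Fixed and dismissed alerts both map to `deletion`, so a `description:` on each `append` should say that the dismissal reason has to be read from `github.code_scanning.dismissed_reason`.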
@@ -135,24 +143,22 @@ processors: target_field: github.code_scanning.number if: ctx.github.code_scanning.number == null ignore_missing: true + - fingerprint: + fields: + - github.repository.owner.login + - github.repository.name + - github.code_scanning.number + - github.code_scanning.created_at + - github.code_scanning.updated_at + - github.code_scanning.dismissed_at + target_field: "_id" + ignore_missing: true - lowercase: field: github.code_scanning.state ignore_missing: true - lowercase: field: github.code_scanning.rule.security_severity_level ignore_missing: true - - set: - field: github.severity - value: "{{{github.code_scanning.rule.security_severity_level}}}" - if: ctx.github.code_scanning.rule?.security_severity_level != null - - set: - field: github.severity - value: "undefined" - if: ctx.github.severity == null - - set: - field: github.state - value: "{{{github.code_scanning.state}}}" - if: ctx.github.code_scanning.state != null - rename: target_field: _temp.dismissed_by field: github.code_scanning.dismissed_by diff --git a/packages/github/data_stream/code_scanning/fields/agent.yml b/packages/github/data_stream/code_scanning/fields/agent.yml index bc42d0a853bc..3a1b4c228964 100644 --- a/packages/github/data_stream/code_scanning/fields/agent.yml +++ b/packages/github/data_stream/code_scanning/fields/agent.yml @@ -6,18 +6,18 @@ fields: - name: containerized type: boolean - description: > - If the host is a container. - + description: If the host is a container. - name: os.build type: keyword example: "18D109" - description: > - OS build information. - + description: OS build information. - name: os.codename type: keyword example: "stretch" - description: > - OS codename, if any. - + description: OS codename, if any. +- name: input.type + type: keyword + description: Input Type. +- name: log.offset + type: long + description: Log Offset. 
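Review bot: The relocated `fingerprint` lists `github.repository.owner.login` and `github.repository.name` but keeps `ignore_missing: true`, so if those fields are not yet populated at this point the hash silently falls back to the alert number plus timestamps, and alerts with the same number from two repositories can end up with the same `_id`. The earlier hunk shows the repository object being renamed into `_temp`; where it is copied to `github.repository` is outside the visible hunks, so please confirm that happens before this processor. `fixed_at` is also missing from the field list although it drives `event.type`; if `updated_at` does not change when an alert is fixed (not verifiable from this diff), the fixed state would collide with the open one, and adding `- github.code_scanning.fixed_at` would rule that out. The hunk also drops `github.severity` and `github.state`, so saved rules or dashboards filtering on them need to move to `github.code_scanning.rule.security_severity_level` and `github.code_scanning.state`.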
diff --git a/packages/github/data_stream/code_scanning/fields/base-fields.yml b/packages/github/data_stream/code_scanning/fields/base-fields.yml index d41ac5043bce..0651037f3aa3 100644 --- a/packages/github/data_stream/code_scanning/fields/base-fields.yml +++ b/packages/github/data_stream/code_scanning/fields/base-fields.yml @@ -1,23 +1,16 @@ - name: data_stream.type - type: constant_keyword - description: Data stream type. + external: ecs - name: data_stream.dataset - type: constant_keyword - description: Data stream dataset name. + external: ecs - name: data_stream.namespace - type: constant_keyword - description: Data stream namespace. + external: ecs - name: event.module type: constant_keyword - description: Event module value: github + external: ecs - name: event.dataset type: constant_keyword - description: Event dataset value: github.code_scanning -- name: "@timestamp" - type: date - description: Event timestamp. -- name: input.type - type: keyword - description: Type of Filebeat input. + external: ecs +- name: '@timestamp' + external: ecs diff --git a/packages/github/data_stream/code_scanning/fields/ecs.yml b/packages/github/data_stream/code_scanning/fields/ecs.yml new file mode 100644 index 000000000000..b0f81a9b1bc2 --- /dev/null +++ b/packages/github/data_stream/code_scanning/fields/ecs.yml @@ -0,0 +1,4 @@ +# Define ECS constant fields as constant_keyword +- name: event.kind + type: constant_keyword + value: alert diff --git a/packages/github/data_stream/code_scanning/fields/fields.yml b/packages/github/data_stream/code_scanning/fields/fields.yml index 509e7018d8d6..614b8a8a7d8b 100644 --- a/packages/github/data_stream/code_scanning/fields/fields.yml +++ b/packages/github/data_stream/code_scanning/fields/fields.yml 
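Review bot: Pinning `event.kind` as `constant_keyword` with `value: alert` in the new `ecs.yml` means Elasticsearch will reject any document that carries a different `event.kind`. The pipeline's `on_failure` handler is not visible in this diff; if it sets `event.kind: pipeline_error` (to be confirmed), failed documents would be refused at index time instead of being stored with their error, which hides ingest failures for security alerts. Either keep the failure handler from writing `event.kind`, or state the constraint next to the definition, e.g. `# on_failure must not set event.kind; the mapping only accepts "alert"`.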
@@ -6,43 +6,31 @@ fields: - name: number type: integer - description: >- - The security alert number + description: The security alert number. - name: created_at type: date - description: >- - The time that the alert was created in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ` + description: The time that the alert was created in ISO 8601 format - `YYYY-MM-DDTHH:MM:SSZ`. - name: updated_at type: date - description: >- - The time that the alert was last updated in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ` + description: The time that the alert was last updated in ISO 8601 format - `YYYY-MM-DDTHH:MM:SSZ`. - name: url type: keyword - description: >- - The REST API URL of the alert resource + description: The REST API URL of the alert resource. - name: html_url type: keyword - description: >- - The GitHub URL of the alert resource. + description: The GitHub URL of the alert resource. - name: state type: keyword - description: > - State of a code scanning alert - + description: State of a code scanning alert. - name: instances_url type: keyword - description: >- - The REST API URL for fetching the list of instances for an alert + description: The REST API URL for fetching the list of instances for an alert. - name: fixed_at type: date - description: > - The time that the alert was no longer detected and was considered fixed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ` - + description: The time that the alert was no longer detected and was considered fixed in ISO 8601 format - `YYYY-MM-DDTHH:MM:SSZ`. - name: dismissed_by type: group - description: > - Information of user who dismissed the alert - + description: Information of user who dismissed the alert. fields: - name: name type: keyword 
@@ -62,109 +50,71 @@ type: boolean - name: dismissed_at type: date - description: > - The time that the alert was dismissed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`. - + description: The time that the alert was dismissed in ISO 8601 format - `YYYY-MM-DDTHH:MM:SSZ`. - name: dismissed_reason type: keyword - description: > - The reason for dismissing or closing the alert. - + description: The reason for dismissing or closing the alert. - name: dismissed_comment type: keyword - description: > - The dismissal comment associated with the dismissal of the alert. - + description: The dismissal comment associated with the dismissal of the alert. - name: time_to_resolution.sec type: long format: duration unit: s metric_type: gauge - description: > - The time taken to either dismiss or fix the alert in seconds. - + description: The time taken to either dismiss or fix the alert in seconds. - name: rule type: group fields: - name: severity type: keyword - description: > - The severity of the alert - + description: The severity of the alert. - name: security_severity_level type: keyword - description: > - The security severity of the alert - + description: The security severity of the alert. - name: full_description type: text - description: > - Description of the rule used to detect the alert. - + description: Description of the rule used to detect the alert. - name: help type: text - description: > - Detailed documentation for the rule as GitHub Flavored Markdown - + description: Detailed documentation for the rule as GitHub Flavored Markdown. - name: tool type: group fields: - name: name type: keyword - description: > - The name of the tool used to generate the code scanning analysis. - + description: The name of the tool used to generate the code scanning analysis. - name: version type: keyword - description: > - The version of the tool used to generate the code scanning analysis. - + description: The version of the tool used to generate the code scanning analysis. 
- name: guid type: keyword - description: > - The GUID of the tool used to generate the code scanning analysis, if provided in the uploaded SARIF data. - + description: The GUID of the tool used to generate the code scanning analysis, if provided in the uploaded SARIF data. - name: most_recent_instance type: group - description: > - Most recent instance of this alert for the default branch or for the specified Git reference - + description: Most recent instance of this alert for the default branch or for the specified Git reference. fields: - name: ref type: keyword - description: > - The full Git reference, formatted as `refs/heads/`,\n`refs/pull//merge`, or `refs/pull//head`. - + description: The full Git reference, formatted as `refs/heads/`,\n`refs/pull//merge`, or `refs/pull//head`. - name: analysis_key type: keyword - description: > - Identifies the configuration under which the analysis was executed. For example, in GitHub Actions this includes the workflow filename and job name. - + description: Identifies the configuration under which the analysis was executed. For example, in GitHub Actions this includes the workflow filename and job name. - name: environment type: keyword - description: > - Identifies the variable values associated with the environment in which the analysis that generated this alert instance was performed, such as the language that was analyzed. - + description: Identifies the variable values associated with the environment in which the analysis that generated this alert instance was performed, such as the language that was analyzed. - name: category type: keyword - description: > - Identifies the configuration under which the analysis was executed. Used to distinguish between multiple analyses for the same tool and commit, but performed on different languages or different parts of the code. - + description: Identifies the configuration under which the analysis was executed. 
Used to distinguish between multiple analyses for the same tool and commit, but performed on different languages or different parts of the code. - name: state type: keyword - description: > - State of a code scanning alert. - + description: State of a code scanning alert. - name: commit_sha type: keyword - description: > - Github commit sha - + description: GitHub commit sha. - name: location type: group - description: > - Describe a region within a file for the alert. - + description: Describe a region within a file for the alert. fields: - name: path type: keyword 
@@ -180,80 +130,4 @@ type: keyword - name: classifications type: keyword - description: > - Classifications that have been applied to the file that triggered the alert.\nFor example identifying it as documentation, or a generated file. - - - name: severity - type: keyword - description: > - The security severity of the alert - - - name: state - type: keyword - description: > - State of a code scanning alert - - - name: repository - type: group - description: > - Information on the Github repository associated with the alert - - fields: - - name: id - type: integer - description: > - A unique identifier of the repository. - - - name: name - type: keyword - description: > - The name of the repository. - - - name: full_name - type: keyword - description: > - The full, globally unique, name of the repository. - - - name: private - type: boolean - description: > - Whether the repository is private. - - - name: html_url - type: keyword - description: > - The URL to view the repository on GitHub.com. - - - name: description - type: text - description: > - The repository description. - - - name: fork - type: boolean - description: > - Whether the repository is a fork - - - name: url - type: keyword - description: > - The URL to get more information about the repository from the GitHub API. - - - name: owner - type: group - description: > - Repository Owner - - fields: - - name: login - type: keyword - - name: id - type: integer - - name: url - type: keyword - - name: html_url - type: keyword - - name: type - type: keyword - - name: site_admin - type: boolean + description: Classifications that have been applied to the file that triggered the alert.\nFor example identifying it as documentation, or a generated file. diff --git a/packages/github/data_stream/code_scanning/fields/is-transform-source-true.yml b/packages/github/data_stream/code_scanning/fields/is-transform-source-true.yml new file mode 100644 index 000000000000..fd4766eacd52 --- /dev/null 
+++ b/packages/github/data_stream/code_scanning/fields/is-transform-source-true.yml @@ -0,0 +1,4 @@ +- name: labels.is_transform_source + type: constant_keyword + description: Distinguishes between documents that are a source for a transform and documents that are an output of a transform, to facilitate easier filtering. + value: "true" diff --git a/packages/github/data_stream/code_scanning/fields/package-fields.yml b/packages/github/data_stream/code_scanning/fields/package-fields.yml new file mode 100644 index 000000000000..0e22ea0bcab6 --- /dev/null +++ b/packages/github/data_stream/code_scanning/fields/package-fields.yml 
@@ -0,0 +1,62 @@ +- name: github + type: group + fields: + - name: repository + type: group + description: Information about the GitHub repository. + fields: + - name: id + type: integer + description: A unique identifier of the repository. + - name: is_in_organization + type: boolean + description: Indicates if a repository is either owned by an organization, or is a private fork of an organization repository. + - name: name + type: keyword + description: The name of the repository. + - name: full_name + type: keyword + description: The full, globally unique, name of the repository. + - name: private + type: boolean + description: Whether the repository is private. + - name: html_url + type: keyword + description: The URL to view the repository on GitHub.com. + - name: description + type: text + description: The repository description. + - name: fork + type: boolean + description: Whether the repository is a fork. + - name: url + type: keyword + description: The URL to get more information about the repository from the GitHub API. + - name: owner + type: group + description: Represents an owner of the repository. Owner could be an Organization or User. + fields: + - name: name + type: keyword + description: Name of repository owner. + - name: email + type: keyword + description: The public email of repository owner. + - name: login + type: keyword + description: Login username of repository owner. + - name: id + type: integer + description: ID of the repository owner. + - name: url + type: keyword + description: The URL to get more information about the repository owner from the GitHub API. + - name: html_url + type: keyword + description: The HTTP URL for the repository owner. + - name: type + type: keyword + description: The type of the repository owner. Example - User. + - name: site_admin + type: boolean + description: Whether the owner is a site administrator. 
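Review bot: `github.repository.id` and `github.repository.owner.id` are declared as `integer`, which Elasticsearch stores as a signed 32-bit value, so an id above 2147483647 would make the whole alert document fail to index. These ids are assigned by GitHub and keep growing, so `type: long` on both `id` fields is the safer mapping. The same `integer` type appears in the repository definitions removed from `fields.yml`, so the choice predates this commit.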
diff --git a/packages/github/data_stream/code_scanning/sample_event.json b/packages/github/data_stream/code_scanning/sample_event.json index a667915dcd4d..38a4f3cb8c0b 100644 --- a/packages/github/data_stream/code_scanning/sample_event.json +++ b/packages/github/data_stream/code_scanning/sample_event.json 
@@ -1,33 +1,34 @@ { "@timestamp": "2022-06-29T18:03:27.000Z", "agent": { - "ephemeral_id": "b359acfc-81ff-4631-8a85-05f9627d12e4", - "id": "ad5c3ec8-3015-4cd2-a269-a2f3df062a2c", - "name": "docker-fleet-agent", + "ephemeral_id": "6ff86bf4-40bb-48d0-a0c3-7620a07cc706", + "id": "2b4faf01-5ea6-4888-8ea5-db817b2b8915", + "name": "elastic-agent-67340", "type": "filebeat", - "version": "8.12.0" + "version": "8.13.0" }, "data_stream": { "dataset": "github.code_scanning", - "namespace": "ep", + "namespace": "68459", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "ad5c3ec8-3015-4cd2-a269-a2f3df062a2c", + "id": "2b4faf01-5ea6-4888-8ea5-db817b2b8915", "snapshot": false, - "version": "8.12.0" + "version": "8.13.0" }, "event": { - "action": "code_scanning", "agent_id_status": "verified", "created": "2022-06-29T18:03:27.000Z", "dataset": "github.code_scanning", - "ingested": "2024-01-18T15:59:07Z", - "kind": "alert", - "original": "{\"created_at\":\"2022-06-29T18:03:27Z\",\"html_url\":\"https://github.com/sample_owner/sample_repo/security/code-scanning/91\",\"most_recent_instance\":{\"analysis_key\":\".github/workflows/codeql-analysis.yml:analyze\",\"category\":\".github/workflows/codeql-analysis.yml:analyze/language:javascript\",\"classifications\":[],\"commit_sha\":\"3244e8b15cc1b8f2732eecd69fc1890b737f0dda\",\"location\":{\"end_column\":50,\"end_line\":67,\"path\":\"routes/chatbot.ts\",\"start_column\":23,\"start_line\":67},\"message\":{\"text\":\"(Experimental) This may be a database query that depends on a user-provided value. Identified using machine learning.(Experimental) This may be a database query that depends on a user-provided value. 
Identified using machine learning.\"},\"ref\":\"refs/heads/master\",\"state\":\"open\"},\"number\":90,\"rule\":{\"description\":\"SQL database query built from user-controlled sources (experimental)\",\"id\":\"js/ml-powered/sql-injection\",\"security_severity_level\":\"high\",\"severity\":\"error\",\"tags\":[\"experimental\",\"external/cwe/cwe-089\",\"security\"]},\"state\":\"open\",\"tool\":{\"name\":\"CodeQL\",\"version\":\"2.9.4\"},\"updated_at\":\"2022-06-29T18:03:27Z\",\"url\":\"https://api.github.com/repos/sample_owner/sample_repo/code-scanning/alerts/91\"}" + "ingested": "2024-10-30T03:17:27Z", + "original": "{\"created_at\":\"2022-06-29T18:03:27Z\",\"html_url\":\"https://github.com/sample_owner/sample_repo/security/code-scanning/91\",\"most_recent_instance\":{\"analysis_key\":\".github/workflows/codeql-analysis.yml:analyze\",\"category\":\".github/workflows/codeql-analysis.yml:analyze/language:javascript\",\"classifications\":[],\"commit_sha\":\"3244e8b15cc1b8f2732eecd69fc1890b737f0dda\",\"location\":{\"end_column\":50,\"end_line\":67,\"path\":\"routes/chatbot.ts\",\"start_column\":23,\"start_line\":67},\"message\":{\"text\":\"(Experimental) This may be a database query that depends on a user-provided value. Identified using machine learning.(Experimental) This may be a database query that depends on a user-provided value. Identified using machine learning.\"},\"ref\":\"refs/heads/master\",\"state\":\"open\"},\"number\":90,\"rule\":{\"description\":\"SQL database query built from user-controlled sources (experimental)\",\"id\":\"js/ml-powered/sql-injection\",\"security_severity_level\":\"high\",\"severity\":\"error\",\"tags\":[\"experimental\",\"external/cwe/cwe-089\",\"security\"]},\"state\":\"open\",\"tool\":{\"name\":\"CodeQL\",\"version\":\"2.9.4\"},\"updated_at\":\"2022-06-29T18:03:27Z\",\"url\":\"https://api.github.com/repos/sample_owner/sample_repo/code-scanning/alerts/91\"}", + "type": [ + "creation" + ] }, "github": { "code_scanning": { 
@@ -67,9 +68,7 @@ "login": "sample_owner" }, "url": "https://api.github.com/repos/sample_owner/sample_repo" - }, - "severity": "high", - "state": "open" + } }, "input": { "type": "httpjson" diff --git a/packages/github/data_stream/dependabot/_dev/test/pipeline/test-ghas-dependabot-json.log-expected.json b/packages/github/data_stream/dependabot/_dev/test/pipeline/test-ghas-dependabot-json.log-expected.json index 82b79bf1ca23..42d42a45e89d 100644 --- a/packages/github/data_stream/dependabot/_dev/test/pipeline/test-ghas-dependabot-json.log-expected.json +++ b/packages/github/data_stream/dependabot/_dev/test/pipeline/test-ghas-dependabot-json.log-expected.json 
@@ -6,11 +6,12 @@ "version": "8.11.0" }, "event": { - "action": "dependabot", "created": "2022-07-11T11:39:07.000Z", - "kind": "alert", "original": "{\"createdAt\":\"2022-07-11T11:39:07Z\",\"dependabotUpdate\":{\"error\":{\"body\":\"The currently installed version can't be determined.\\n\\nTo resolve the issue add a supported lockfile (package-lock.json or yarn.lock).\",\"errorType\":\"dependency_file_not_supported\",\"title\":\"Dependabot can't update vulnerable dependencies without a lockfile\"},\"pullRequest\":null},\"dependencyScope\":\"RUNTIME\",\"dismissReason\":null,\"dismissedAt\":null,\"dismisser\":null,\"fixedAt\":null,\"number\":1,\"repository\":{\"description\":\"OWASP Juice Shop: Probably the most modern and sophisticated insecure web application\",\"isInOrganization\":false,\"isPrivate\":false,\"name\":\"juice-shop\",\"owner\":{\"login\":\"kcreddy\",\"url\":\"https://github.com/kcreddy\"},\"url\":\"https://github.com/kcreddy/juice-shop\"},\"securityAdvisory\":{\"classification\":\"GENERAL\",\"cvss\":{\"score\":0,\"vectorString\":null},\"cwes\":{\"nodes\":[{\"cweId\":\"CWE-20\",\"description\":\"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.\",\"name\":\"Improper Input Validation\"}]},\"description\":\"Versions 4.2.1 and earlier of `jsonwebtoken` are affected by a verification bypass vulnerability. 
This is a result of weak validation of the JWT algorithm type, occuring when an attacker is allowed to arbitrarily specify the JWT algorithm.\\n\\n\\n\\n\\n## Recommendation\\n\\nUpdate to version 4.2.2 or later.\",\"ghsaId\":\"GHSA-c7hr-j4mj-j2w6\",\"identifiers\":[{\"type\":\"GHSA\",\"value\":\"GHSA-c7hr-j4mj-j2w6\"},{\"type\":\"CVE\",\"value\":\"CVE-2015-9235\"}],\"origin\":\"UNSPECIFIED\",\"permalink\":\"https://github.com/advisories/GHSA-c7hr-j4mj-j2w6\",\"references\":[{\"url\":\"https://nvd.nist.gov/vuln/detail/CVE-2015-9235\"},{\"url\":\"https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687\"},{\"url\":\"https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/\"},{\"url\":\"https://github.com/advisories/GHSA-c7hr-j4mj-j2w6\"},{\"url\":\"https://www.npmjs.com/advisories/17\"},{\"url\":\"https://www.timmclean.net/2015/02/25/jwt-alg-none.html\"},{\"url\":\"https://nodesecurity.io/advisories/17\"}],\"publishedAt\":\"2018-10-09T00:38:30Z\",\"severity\":\"CRITICAL\",\"summary\":\"Verification Bypass in jsonwebtoken\",\"updatedAt\":\"2021-01-08T19:00:39Z\",\"withdrawnAt\":null},\"securityVulnerability\":{\"firstPatchedVersion\":{\"identifier\":\"4.2.2\"},\"package\":{\"ecosystem\":\"NPM\",\"name\":\"jsonwebtoken\"},\"severity\":\"CRITICAL\",\"updatedAt\":\"2018-11-30T19:54:28Z\",\"vulnerableVersionRange\":\"< 4.2.2\"},\"state\":\"OPEN\",\"vulnerableManifestPath\":\"package.json\",\"vulnerableManifestFilename\":\"package.json\",\"vulnerableRequirements\":\"= 0.4.0\"}", - "start": "2022-07-11T11:39:07Z" + "start": "2022-07-11T11:39:07Z", + "type": [ + "creation" + ] }, "github": { "dependabot": { 
@@ -70,16 +71,14 @@ "repository": { "description": "OWASP Juice Shop: Probably the most modern and sophisticated insecure web application", "is_in_organization": false, - "is_private": false, "name": "juice-shop", "owner": { "login": "kcreddy", "url": "https://github.com/kcreddy" }, + "private": false, "url": "https://github.com/kcreddy/juice-shop" - }, - "severity": "critical", - "state": "open" + } }, "tags": [ "preserve_original_event" 
@@ -113,11 +112,12 @@ "version": "8.11.0" }, "event": { - "action": "dependabot", "created": "2022-07-11T11:39:07.000Z", - "kind": "alert", "original": "{\"createdAt\":\"2022-07-11T11:39:07Z\",\"dependabotUpdate\":{\"error\":{\"body\":\"The currently installed version can't be determined.\\n\\nTo resolve the issue add a supported lockfile (package-lock.json or yarn.lock).\",\"errorType\":\"dependency_file_not_supported\",\"title\":\"Dependabot can't update vulnerable dependencies without a lockfile\"},\"pullRequest\":null},\"dependencyScope\":\"RUNTIME\",\"dismissReason\":null,\"dismissedAt\":null,\"dismisser\":null,\"fixedAt\":null,\"number\":2,\"repository\":{\"description\":\"OWASP Juice Shop: Probably the most modern and sophisticated insecure web application\",\"isInOrganization\":false,\"isPrivate\":false,\"name\":\"juice-shop\",\"owner\":{\"login\":\"kcreddy\",\"url\":\"https://github.com/kcreddy\"},\"url\":\"https://github.com/kcreddy/juice-shop\"},\"securityAdvisory\":{\"classification\":\"GENERAL\",\"cvss\":{\"score\":0,\"vectorString\":null},\"cwes\":{\"nodes\":[{\"cweId\":\"CWE-79\",\"description\":\"The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.\",\"name\":\"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\"}]},\"description\":\"Affected versions of `sanitize-html` are vulnerable to cross-site scripting when allowedTags includes at least one `nonTextTag`.\\n\\n## Proof of Concept\\n\\n```\\nvar sanitizeHtml = require('sanitize-html');\\n\\nvar dirty = '!!';\\nvar clean = sanitizeHtml(dirty, {\\n allowedTags: [ 'textarea' ]\\n});\\n\\nconsole.log(clean);\\n\\n// !!\\n```\\n\\n\\n## Recommendation\\n\\nUpdate to version 1.11.4 or 
later.\",\"ghsaId\":\"GHSA-xc6g-ggrc-qq4r\",\"identifiers\":[{\"type\":\"GHSA\",\"value\":\"GHSA-xc6g-ggrc-qq4r\"},{\"type\":\"CVE\",\"value\":\"CVE-2017-16016\"}],\"origin\":\"UNSPECIFIED\",\"permalink\":\"https://github.com/advisories/GHSA-xc6g-ggrc-qq4r\",\"references\":[{\"url\":\"https://nvd.nist.gov/vuln/detail/CVE-2017-16016\"},{\"url\":\"https://github.com/punkave/sanitize-html/issues/100\"},{\"url\":\"https://github.com/punkave/sanitize-html/commit/5d205a1005ba0df80e21d8c64a15bb3accdb2403)))\"},{\"url\":\"https://github.com/advisories/GHSA-xc6g-ggrc-qq4r\"},{\"url\":\"https://npmjs.com/package/sanitize-html#discarding-the-entire-contents-of-a-disallowed-tag\"},{\"url\":\"https://www.npmjs.com/advisories/154\"},{\"url\":\"https://github.com/punkave/sanitize-html/commit/5d205a1005ba0df80e21d8c64a15bb3accdb2403\"},{\"url\":\"https://nodesecurity.io/advisories/154\"}],\"publishedAt\":\"2018-11-09T17:47:23Z\",\"severity\":\"MODERATE\",\"summary\":\"Cross-Site Scripting in sanitize-html\",\"updatedAt\":\"2021-01-08T21:15:03Z\",\"withdrawnAt\":null},\"securityVulnerability\":{\"firstPatchedVersion\":{\"identifier\":\"1.11.4\"},\"package\":{\"ecosystem\":\"NPM\",\"name\":\"sanitize-html\"},\"severity\":\"MODERATE\",\"updatedAt\":\"2018-11-09T17:46:08Z\",\"vulnerableVersionRange\":\"<= 1.11.1\"},\"state\":\"OPEN\",\"vulnerableManifestPath\":\"package.json\",\"vulnerableManifestFilename\":\"package.json\",\"vulnerableRequirements\":\"= 1.4.2\"}", - "start": "2022-07-11T11:39:07Z" + "start": "2022-07-11T11:39:07Z", + "type": [ + "creation" + ] }, "github": { "dependabot": { 
@@ -177,16 +177,14 @@ "repository": { "description": "OWASP Juice Shop: Probably the most modern and sophisticated insecure web application", "is_in_organization": false, - "is_private": false, "name": "juice-shop", "owner": { "login": "kcreddy", "url": "https://github.com/kcreddy" }, + "private": false, "url": "https://github.com/kcreddy/juice-shop" - }, - "severity": "moderate", - "state": "open" + } }, "tags": [ "preserve_original_event" 
@@ -221,11 +219,12 @@ "version": "8.11.0" }, "event": { - "action": "dependabot", "created": "2022-07-11T11:39:07.000Z", - "kind": "alert", "original": "{\"createdAt\":\"2022-07-11T11:39:07Z\",\"dependabotUpdate\":{\"error\":{\"body\":\"The currently installed version can't be determined.\\n\\nTo resolve the issue add a supported lockfile (package-lock.json or yarn.lock).\",\"errorType\":\"dependency_file_not_supported\",\"title\":\"Dependabot can't update vulnerable dependencies without a lockfile\"},\"pullRequest\":null},\"dependencyScope\":\"RUNTIME\",\"dismissReason\":null,\"dismissedAt\":null,\"dismisser\":null,\"fixedAt\":null,\"number\":3,\"repository\":{\"description\":\"OWASP Juice Shop: Probably the most modern and sophisticated insecure web application\",\"isInOrganization\":false,\"isPrivate\":false,\"name\":\"juice-shop\",\"owner\":{\"login\":\"kcreddy\",\"url\":\"https://github.com/kcreddy\"},\"url\":\"https://github.com/kcreddy/juice-shop\"},\"securityAdvisory\":{\"classification\":\"GENERAL\",\"cvss\":{\"score\":6.1,\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\"},\"cwes\":{\"nodes\":[{\"cweId\":\"CWE-79\",\"description\":\"The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.\",\"name\":\"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\"}]},\"description\":\"Affected versions of `sanitize-html` do not sanitize input recursively, which may allow an attacker to execute arbitrary Javascript.\\n\\n\\n## Recommendation\\n\\nUpdate to version 1.4.3 or 
later.\",\"ghsaId\":\"GHSA-3j7m-hmh3-9jmp\",\"identifiers\":[{\"type\":\"GHSA\",\"value\":\"GHSA-3j7m-hmh3-9jmp\"},{\"type\":\"CVE\",\"value\":\"CVE-2016-1000237\"}],\"origin\":\"UNSPECIFIED\",\"permalink\":\"https://github.com/advisories/GHSA-3j7m-hmh3-9jmp\",\"references\":[{\"url\":\"https://nvd.nist.gov/vuln/detail/CVE-2016-1000237\"},{\"url\":\"https://github.com/apostrophecms/sanitize-html/issues/29\"},{\"url\":\"https://github.com/apostrophecms/sanitize-html/commit/762fbc7bba389f3f789cc291c1eb2b64f60f2caf\"},{\"url\":\"https://nodesecurity.io/advisories/135\"},{\"url\":\"https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000237.json\"},{\"url\":\"https://github.com/punkave/sanitize-html/issues/29\"},{\"url\":\"https://www.npmjs.com/advisories/135\"},{\"url\":\"https://github.com/advisories/GHSA-3j7m-hmh3-9jmp\"}],\"publishedAt\":\"2020-04-16T03:14:47Z\",\"severity\":\"MODERATE\",\"summary\":\"Cross-Site Scripting in sanitize-html\",\"updatedAt\":\"2021-08-23T15:18:04Z\",\"withdrawnAt\":null},\"securityVulnerability\":{\"firstPatchedVersion\":{\"identifier\":\"1.4.3\"},\"package\":{\"ecosystem\":\"NPM\",\"name\":\"sanitize-html\"},\"severity\":\"MODERATE\",\"updatedAt\":\"2020-04-16T02:54:09Z\",\"vulnerableVersionRange\":\"< 1.4.3\"},\"state\":\"OPEN\",\"vulnerableManifestPath\":\"package.json\",\"vulnerableManifestFilename\":\"package.json\",\"vulnerableRequirements\":\"= 1.4.2\"}", - "start": "2022-07-11T11:39:07Z" + "start": "2022-07-11T11:39:07Z", + "type": [ + "creation" + ] }, "github": { "dependabot": { 
@@ -288,16 +287,14 @@ "repository": { "description": "OWASP Juice Shop: Probably the most modern and sophisticated insecure web application", "is_in_organization": false, - "is_private": false, "name": "juice-shop", "owner": { "login": "kcreddy", "url": "https://github.com/kcreddy" }, + "private": false, "url": "https://github.com/kcreddy/juice-shop" - }, - "severity": "moderate", - "state": "open" + } }, "tags": [ "preserve_original_event" 
@@ -333,11 +330,12 @@ "version": "8.11.0" }, "event": { - "action": "dependabot", "created": "2022-07-11T11:39:07.000Z", - "kind": "alert", "original": "{\"createdAt\":\"2022-07-11T11:39:07Z\",\"dependabotUpdate\":{\"error\":{\"body\":\"The currently installed version can't be determined.\\n\\nTo resolve the issue add a supported lockfile (package-lock.json or yarn.lock).\",\"errorType\":\"dependency_file_not_supported\",\"title\":\"Dependabot can't update vulnerable dependencies without a lockfile\"},\"pullRequest\":null},\"dependencyScope\":\"RUNTIME\",\"dismissReason\":null,\"dismissedAt\":null,\"dismisser\":null,\"fixedAt\":null,\"number\":4,\"repository\":{\"description\":\"OWASP Juice Shop: Probably the most modern and sophisticated insecure web application\",\"isInOrganization\":false,\"isPrivate\":false,\"name\":\"juice-shop\",\"owner\":{\"login\":\"kcreddy\",\"url\":\"https://github.com/kcreddy\"},\"url\":\"https://github.com/kcreddy/juice-shop\"},\"securityAdvisory\":{\"classification\":\"GENERAL\",\"cvss\":{\"score\":7.7,\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N\"},\"cwes\":{\"nodes\":[{\"cweId\":\"CWE-285\",\"description\":\"The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.\",\"name\":\"Improper Authorization\"}]},\"description\":\"### Overview\\nVersions before and including 5.3.3, we are not enforcing the **algorithms** entry to be specified in the configuration.\\nWhen **algorithms** is not specified in the configuration, with the combination of jwks-rsa, it may lead to authorization bypass. \\n\\n### Am I affected?\\nYou are affected by this vulnerability if all of the following conditions apply:\\n\\nYou are using express-jwt\\nAND \\nYou do not have **algorithms** configured in your express-jwt configuration.\\nAND\\nYou are using libraries such as jwks-rsa as the **secret**. 
\\n\\n### How to fix that?\\nSpecify **algorithms** in the express-jwt configuration. The following is an example of a proper configuration\\n\\n``` \\nconst checkJwt = jwt({\\n secret: jwksRsa.expressJwtSecret({\\n rateLimit: true,\\n jwksRequestsPerMinute: 5,\\n jwksUri: `https://${DOMAIN}/.well-known/jwks.json`\\n }),\\n // Validate the audience and the issuer.\\n audience: process.env.AUDIENCE,\\n issuer: `https://${DOMAIN}/`,\\n // restrict allowed algorithms\\n algorithms: ['RS256']\\n}); \\n```\\n\\n### Will this update impact my users?\\nThe fix provided in patch will not affect your users if you specified the algorithms allowed. The patch now makes **algorithms** a required configuration. \\n\\n\\n### Credit\\nIST Group\",\"ghsaId\":\"GHSA-6g6m-m6h5-w9gf\",\"identifiers\":[{\"type\":\"GHSA\",\"value\":\"GHSA-6g6m-m6h5-w9gf\"},{\"type\":\"CVE\",\"value\":\"CVE-2020-15084\"}],\"origin\":\"UNSPECIFIED\",\"permalink\":\"https://github.com/advisories/GHSA-6g6m-m6h5-w9gf\",\"references\":[{\"url\":\"https://github.com/auth0/express-jwt/security/advisories/GHSA-6g6m-m6h5-w9gf\"},{\"url\":\"https://github.com/auth0/express-jwt/commit/7ecab5f8f0cab5297c2b863596566eb0c019cdef\"},{\"url\":\"https://nvd.nist.gov/vuln/detail/CVE-2020-15084\"},{\"url\":\"https://github.com/advisories/GHSA-6g6m-m6h5-w9gf\"}],\"publishedAt\":\"2020-06-30T16:05:24Z\",\"severity\":\"HIGH\",\"summary\":\"Authorization bypass in express-jwt\",\"updatedAt\":\"2021-01-07T23:49:23Z\",\"withdrawnAt\":null},\"securityVulnerability\":{\"firstPatchedVersion\":{\"identifier\":\"6.0.0\"},\"package\":{\"ecosystem\":\"NPM\",\"name\":\"express-jwt\"},\"severity\":\"HIGH\",\"updatedAt\":\"2020-06-30T16:04:50Z\",\"vulnerableVersionRange\":\"<= 5.3.3\"},\"state\":\"OPEN\",\"vulnerableManifestPath\":\"package.json\",\"vulnerableManifestFilename\":\"package.json\",\"vulnerableRequirements\":\"= 0.1.3\"}", - "start": "2022-07-11T11:39:07Z" + "start": "2022-07-11T11:39:07Z", + "type": [ + "creation" + ] }, 
"github": { "dependabot": { @@ -400,16 +398,14 @@ "repository": { "description": "OWASP Juice Shop: Probably the most modern and sophisticated insecure web application", "is_in_organization": false, - "is_private": false, "name": "juice-shop", "owner": { "login": "kcreddy", "url": "https://github.com/kcreddy" }, + "private": false, "url": "https://github.com/kcreddy/juice-shop" - }, - "severity": "high", - "state": "open" + } }, "tags": [ "preserve_original_event" 
@@ -441,11 +437,12 @@ "version": "8.11.0" }, "event": { - "action": "dependabot", "created": "2022-07-11T11:39:07.000Z", - "kind": "alert", "original": "{\"createdAt\":\"2022-07-11T11:39:07Z\",\"dependabotUpdate\":null,\"dependencyScope\":\"RUNTIME\",\"dismissReason\":null,\"dismissedAt\":null,\"dismisser\":null,\"fixedAt\":null,\"number\":5,\"repository\":{\"description\":\"OWASP Juice Shop: Probably the most modern and sophisticated insecure web application\",\"isInOrganization\":false,\"isPrivate\":false,\"name\":\"juice-shop\",\"owner\":{\"login\":\"kcreddy\",\"url\":\"https://github.com/kcreddy\"},\"url\":\"https://github.com/kcreddy/juice-shop\"},\"securityAdvisory\":{\"classification\":\"GENERAL\",\"cvss\":{\"score\":0,\"vectorString\":null},\"cwes\":{\"nodes\":[{\"cweId\":\"CWE-77\",\"description\":\"The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.\",\"name\":\"Improper Neutralization of Special Elements used in a Command ('Command Injection')\"}]},\"description\":\"All versions of `marsdb` are vulnerable to Command Injection. In the `DocumentMatcher` class, selectors on `$where` clauses are passed to a Function constructor unsanitized. This allows attackers to run arbitrary commands in the system when the function is executed.\\n\\n\\n## Recommendation\\n\\nNo fix is currently available. 
Consider using an alternative package until a fix is made available.\",\"ghsaId\":\"GHSA-5mrr-rgp6-x4gr\",\"identifiers\":[{\"type\":\"GHSA\",\"value\":\"GHSA-5mrr-rgp6-x4gr\"}],\"origin\":\"UNSPECIFIED\",\"permalink\":\"https://github.com/advisories/GHSA-5mrr-rgp6-x4gr\",\"references\":[{\"url\":\"https://github.com/bkimminich/juice-shop/issues/1173\"},{\"url\":\"https://www.npmjs.com/advisories/1122\"},{\"url\":\"https://github.com/advisories/GHSA-5mrr-rgp6-x4gr\"}],\"publishedAt\":\"2020-09-03T19:39:05Z\",\"severity\":\"CRITICAL\",\"summary\":\"Command Injection in marsdb\",\"updatedAt\":\"2021-09-29T16:28:07Z\",\"withdrawnAt\":null},\"securityVulnerability\":{\"firstPatchedVersion\":null,\"package\":{\"ecosystem\":\"NPM\",\"name\":\"marsdb\"},\"severity\":\"CRITICAL\",\"updatedAt\":\"2020-08-31T18:48:02Z\",\"vulnerableVersionRange\":\">= 0.0.0\"},\"state\":\"OPEN\",\"vulnerableManifestPath\":\"package.json\",\"vulnerableManifestFilename\":\"package.json\",\"vulnerableRequirements\":\"^ 0.6.11\"}", - "start": "2022-07-11T11:39:07Z" + "start": "2022-07-11T11:39:07Z", + "type": [ + "creation" + ] }, "github": { "dependabot": { @@ -491,16 +488,14 @@ "repository": { "description": "OWASP Juice Shop: Probably the most modern and sophisticated insecure web application", "is_in_organization": false, - "is_private": false, "name": "juice-shop", "owner": { "login": "kcreddy", "url": "https://github.com/kcreddy" }, + "private": false, "url": "https://github.com/kcreddy/juice-shop" - }, - "severity": "critical", - "state": "open" + } }, "tags": [ "preserve_original_event" 
@@ -530,11 +525,12 @@ "version": "8.11.0" }, "event": { - "action": "dependabot", "created": "2022-07-11T11:39:07.000Z", - "kind": "alert", "original": "{\"createdAt\":\"2022-07-11T11:39:07Z\",\"dependabotUpdate\":{\"error\":{\"body\":\"The currently installed version can't be determined.\\n\\nTo resolve the issue add a supported lockfile (package-lock.json or yarn.lock).\",\"errorType\":\"dependency_file_not_supported\",\"title\":\"Dependabot can't update vulnerable dependencies without a lockfile\"},\"pullRequest\":null},\"dependencyScope\":\"RUNTIME\",\"dismissReason\":null,\"dismissedAt\":null,\"dismisser\":null,\"fixedAt\":null,\"number\":6,\"repository\":{\"description\":\"OWASP Juice Shop: Probably the most modern and sophisticated insecure web application\",\"isInOrganization\":false,\"isPrivate\":false,\"name\":\"juice-shop\",\"owner\":{\"login\":\"kcreddy\",\"url\":\"https://github.com/kcreddy\"},\"url\":\"https://github.com/kcreddy/juice-shop\"},\"securityAdvisory\":{\"classification\":\"GENERAL\",\"cvss\":{\"score\":5.3,\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\"},\"cwes\":{\"nodes\":[{\"cweId\":\"CWE-20\",\"description\":\"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.\",\"name\":\"Improper Input Validation\"}]},\"description\":\"Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the \\\"allowedIframeHostnames\\\" option when the \\\"allowIframeRelativeUrls\\\" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with 
\\\"/\\\\\\\\example.com\\\".\",\"ghsaId\":\"GHSA-mjxr-4v3x-q3m4\",\"identifiers\":[{\"type\":\"GHSA\",\"value\":\"GHSA-mjxr-4v3x-q3m4\"},{\"type\":\"CVE\",\"value\":\"CVE-2021-26540\"}],\"origin\":\"UNSPECIFIED\",\"permalink\":\"https://github.com/advisories/GHSA-mjxr-4v3x-q3m4\",\"references\":[{\"url\":\"https://nvd.nist.gov/vuln/detail/CVE-2021-26540\"},{\"url\":\"https://github.com/apostrophecms/sanitize-html/pull/460\"},{\"url\":\"https://advisory.checkmarx.net/advisory/CX-2021-4309\"},{\"url\":\"https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#232-2021-01-26\"},{\"url\":\"https://github.com/advisories/GHSA-mjxr-4v3x-q3m4\"}],\"publishedAt\":\"2021-05-06T16:10:19Z\",\"severity\":\"MODERATE\",\"summary\":\"Improper Input Validation in sanitize-html\",\"updatedAt\":\"2021-05-06T16:10:19Z\",\"withdrawnAt\":null},\"securityVulnerability\":{\"firstPatchedVersion\":{\"identifier\":\"2.3.2\"},\"package\":{\"ecosystem\":\"NPM\",\"name\":\"sanitize-html\"},\"severity\":\"MODERATE\",\"updatedAt\":\"2021-03-29T23:13:11Z\",\"vulnerableVersionRange\":\"< 2.3.2\"},\"state\":\"OPEN\",\"vulnerableManifestPath\":\"package.json\",\"vulnerableManifestFilename\":\"package.json\",\"vulnerableRequirements\":\"= 1.4.2\"}", - "start": "2022-07-11T11:39:07Z" + "start": "2022-07-11T11:39:07Z", + "type": [ + "creation" + ] }, "github": { "dependabot": { @@ -597,16 +593,14 @@ "repository": { "description": "OWASP Juice Shop: Probably the most modern and sophisticated insecure web application", "is_in_organization": false, - "is_private": false, "name": "juice-shop", "owner": { "login": "kcreddy", "url": "https://github.com/kcreddy" }, + "private": false, "url": "https://github.com/kcreddy/juice-shop" - }, - "severity": "moderate", - "state": "open" + } }, "tags": [ "preserve_original_event" 
@@ -639,13 +633,14 @@ "version": "8.11.0" }, "event": { - "action": "dependabot", "created": "2022-07-11T11:39:07.000Z", "duration": 55389000000000, "end": "2022-07-12T03:02:16Z", - "kind": "alert", "original": "{\"createdAt\":\"2022-07-11T11:39:07Z\",\"dependabotUpdate\":{\"error\":{\"body\":\"The currently installed version can't be determined.\\n\\nTo resolve the issue add a supported lockfile (package-lock.json or yarn.lock).\",\"errorType\":\"dependency_file_not_supported\",\"title\":\"Dependabot can't update vulnerable dependencies without a lockfile\"},\"pullRequest\":null},\"dependencyScope\":\"RUNTIME\",\"dismissReason\":\"No bandwidth to fix this\",\"dismissedAt\":\"2022-07-12T03:02:16Z\",\"dismisser\":{\"login\":\"kcreddy\",\"url\":\"https://github.com/kcreddy\"},\"fixedAt\":null,\"number\":7,\"repository\":{\"description\":\"OWASP Juice Shop: Probably the most modern and sophisticated insecure web application\",\"isInOrganization\":false,\"isPrivate\":false,\"name\":\"juice-shop\",\"owner\":{\"login\":\"kcreddy\",\"url\":\"https://github.com/kcreddy\"},\"url\":\"https://github.com/kcreddy/juice-shop\"},\"securityAdvisory\":{\"classification\":\"GENERAL\",\"cvss\":{\"score\":5.3,\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\"},\"cwes\":{\"nodes\":[{\"cweId\":\"CWE-20\",\"description\":\"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.\",\"name\":\"Improper Input Validation\"}]},\"description\":\"Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the \\\"allowedIframeHostnames\\\" 
option.\",\"ghsaId\":\"GHSA-rjqq-98f6-6j3r\",\"identifiers\":[{\"type\":\"GHSA\",\"value\":\"GHSA-rjqq-98f6-6j3r\"},{\"type\":\"CVE\",\"value\":\"CVE-2021-26539\"}],\"origin\":\"UNSPECIFIED\",\"permalink\":\"https://github.com/advisories/GHSA-rjqq-98f6-6j3r\",\"references\":[{\"url\":\"https://nvd.nist.gov/vuln/detail/CVE-2021-26539\"},{\"url\":\"https://github.com/apostrophecms/sanitize-html/pull/458\"},{\"url\":\"https://advisory.checkmarx.net/advisory/CX-2021-4308\"},{\"url\":\"https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md#231-2021-01-22\"},{\"url\":\"https://github.com/advisories/GHSA-rjqq-98f6-6j3r\"}],\"publishedAt\":\"2021-05-06T16:10:05Z\",\"severity\":\"MODERATE\",\"summary\":\"Improper Input Validation in sanitize-html\",\"updatedAt\":\"2022-04-27T19:14:13Z\",\"withdrawnAt\":null},\"securityVulnerability\":{\"firstPatchedVersion\":{\"identifier\":\"2.3.1\"},\"package\":{\"ecosystem\":\"NPM\",\"name\":\"sanitize-html\"},\"severity\":\"MODERATE\",\"updatedAt\":\"2021-03-29T23:13:26Z\",\"vulnerableVersionRange\":\"< 2.3.1\"},\"state\":\"DISMISSED\",\"vulnerableManifestPath\":\"package.json\",\"vulnerableManifestFilename\":\"package.json\",\"vulnerableRequirements\":\"= 1.4.2\"}", - "start": "2022-07-11T11:39:07Z" + "start": "2022-07-11T11:39:07Z", + "type": [ + "deletion" + ] }, "github": { "dependabot": { @@ -714,16 +709,14 @@ "repository": { "description": "OWASP Juice Shop: Probably the most modern and sophisticated insecure web application", "is_in_organization": false, - "is_private": false, "name": "juice-shop", "owner": { "login": "kcreddy", "url": "https://github.com/kcreddy" }, + "private": false, "url": "https://github.com/kcreddy/juice-shop" - }, - "severity": "moderate", - "state": "dismissed" + } }, "tags": [ "preserve_original_event" 
@@ -756,11 +749,12 @@ "version": "8.11.0" }, "event": { - "action": "dependabot", "created": "2022-07-11T11:39:07.000Z", - "kind": "alert", "original": "{\"createdAt\":\"2022-07-11T11:39:07Z\",\"dependabotUpdate\":{\"error\":{\"body\":\"The currently installed version can't be determined.\\n\\nTo resolve the issue add a supported lockfile (package-lock.json or yarn.lock).\",\"errorType\":\"dependency_file_not_supported\",\"title\":\"Dependabot can't update vulnerable dependencies without a lockfile\"},\"pullRequest\":null},\"dependencyScope\":\"RUNTIME\",\"dismissReason\":null,\"dismissedAt\":null,\"dismisser\":null,\"fixedAt\":null,\"number\":8,\"repository\":{\"description\":\"OWASP Juice Shop: Probably the most modern and sophisticated insecure web application\",\"isInOrganization\":false,\"isPrivate\":false,\"name\":\"juice-shop\",\"owner\":{\"login\":\"kcreddy\",\"url\":\"https://github.com/kcreddy\"},\"url\":\"https://github.com/kcreddy/juice-shop\"},\"securityAdvisory\":{\"classification\":\"GENERAL\",\"cvss\":{\"score\":7.5,\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\"},\"cwes\":{\"nodes\":[{\"cweId\":\"CWE-248\",\"description\":\"An exception is thrown from a function, but it is not caught.\",\"name\":\"Uncaught Exception\"}]},\"description\":\"Affected versions of sqlite3 will experience a fatal error when supplying a specific object in the parameter array. This error causes the application to crash and could not be caught. Users of `sqlite3` v5.0.0, v5.0.1 and v5.0.2 are affected by this. This issue is fixed in v5.0.3. All users are recommended to upgrade to v5.0.3 or later. 
Ensure there is sufficient sanitization in the parent application to protect against invalid values being supplied to binding parameters as a workaround.\\n\",\"ghsaId\":\"GHSA-9qrh-qjmc-5w2p\",\"identifiers\":[{\"type\":\"GHSA\",\"value\":\"GHSA-9qrh-qjmc-5w2p\"},{\"type\":\"CVE\",\"value\":\"CVE-2022-21227\"}],\"origin\":\"UNSPECIFIED\",\"permalink\":\"https://github.com/advisories/GHSA-9qrh-qjmc-5w2p\",\"references\":[{\"url\":\"https://github.com/TryGhost/node-sqlite3/security/advisories/GHSA-9qrh-qjmc-5w2p\"},{\"url\":\"https://github.com/TryGhost/node-sqlite3/issues/1440\"},{\"url\":\"https://github.com/TryGhost/node-sqlite3/issues/1449\"},{\"url\":\"https://github.com/TryGhost/node-sqlite3/commit/593c9d498be2510d286349134537e3bf89401c4a\"},{\"url\":\"https://security.snyk.io/vuln/SNYK-JS-SQLITE3-2388645\"},{\"url\":\"https://nvd.nist.gov/vuln/detail/CVE-2022-21227\"},{\"url\":\"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2805470\"},{\"url\":\"https://snyk.io/vuln/SNYK-JS-SQLITE3-2388645\"},{\"url\":\"https://github.com/advisories/GHSA-9qrh-qjmc-5w2p\"}],\"publishedAt\":\"2022-04-28T20:25:23Z\",\"severity\":\"HIGH\",\"summary\":\"Denial-of-Service when binding invalid parameters in sqlite3\",\"updatedAt\":\"2022-05-03T02:24:26Z\",\"withdrawnAt\":null},\"securityVulnerability\":{\"firstPatchedVersion\":{\"identifier\":\"5.0.3\"},\"package\":{\"ecosystem\":\"NPM\",\"name\":\"sqlite3\"},\"severity\":\"HIGH\",\"updatedAt\":\"2022-04-28T20:25:23Z\",\"vulnerableVersionRange\":\">= 5.0.0, < 5.0.3\"},\"state\":\"OPEN\",\"vulnerableManifestPath\":\"package.json\",\"vulnerableManifestFilename\":\"package.json\",\"vulnerableRequirements\":\"= 5.0.2\"}", - "start": "2022-07-11T11:39:07Z" + "start": "2022-07-11T11:39:07Z", + "type": [ + "creation" + ] }, "github": { "dependabot": { 
@@ -823,16 +817,14 @@ "repository": { "description": "OWASP Juice Shop: Probably the most modern and sophisticated insecure web application", "is_in_organization": false, - "is_private": false, "name": "juice-shop", "owner": { "login": "kcreddy", "url": "https://github.com/kcreddy" }, + "private": false, "url": "https://github.com/kcreddy/juice-shop" - }, - "severity": "high", - "state": "open" + } }, "tags": [ "preserve_original_event" diff --git a/packages/github/data_stream/dependabot/elasticsearch/ingest_pipeline/default.yml b/packages/github/data_stream/dependabot/elasticsearch/ingest_pipeline/default.yml index 2cff0f148d77..482aaa56d322 100644 --- a/packages/github/data_stream/dependabot/elasticsearch/ingest_pipeline/default.yml +++ b/packages/github/data_stream/dependabot/elasticsearch/ingest_pipeline/default.yml @@ -4,12 +4,6 @@ processors: - set: field: ecs.version value: "8.11.0" - - set: - field: event.action - value: "dependabot" - - set: - field: event.kind - value: "alert" - rename: field: message target_field: event.original @@ -21,19 +15,14 @@ processors: - fail: if: "!(ctx.github.dependabot instanceof Map)" message: Missing JSON object + - remove: + field: + - event.kind + ignore_missing: true + description: Fields defined as constant_keyword are removed from _source for storage efficiency. - set: field: _temp.updated_at value: "{{{_ingest.timestamp}}}" - - fingerprint: - fields: - - github.dependabot.repository.owner.login - - github.dependabot.repository.name - - github.dependabot.number - - github.dependabot.created_at - - github.dependabot.dismissed_at - - github.dependabot.fixed_at - target_field: "_id" - ignore_missing: true - rename: field: github.dependabot.createdAt target_field: github.dependabot.created_at 
@@ -90,13 +79,21 @@ processors: timezone: UTC target_field: "@timestamp" if: ctx.github.dependabot.fixed_at != null + - append: + field: event.type + value: creation + if: ctx.github?.dependabot?.fixed_at == null && ctx.github?.dependabot?.dismissed_at == null + - append: + field: event.type + value: deletion + if: ctx.github?.dependabot?.fixed_at != null || ctx.github?.dependabot?.dismissed_at != null - rename: field: github.dependabot.repository.isInOrganization target_field: github.dependabot.repository.is_in_organization ignore_missing: true - rename: field: github.dependabot.repository.isPrivate - target_field: github.dependabot.repository.is_private + target_field: github.dependabot.repository.private ignore_missing: true - rename: field: github.dependabot.securityAdvisory @@ -263,22 +260,20 @@ processors: - lowercase: field: vulnerability.severity ignore_missing: true - - set: - field: github.state - copy_from: github.dependabot.state - if: ctx.github.dependabot.state != null - - set: - field: github.severity - copy_from: vulnerability.severity - if: ctx.vulnerability?.severity != null - - set: - field: github.severity - value: "undefined" - if: ctx.github.severity == null - rename: field: github.dependabot.repository target_field: github.repository ignore_missing: true + - fingerprint: + fields: + - github.repository.owner.login + - github.repository.name + - github.dependabot.number + - github.dependabot.created_at + - github.dependabot.dismissed_at + - github.dependabot.fixed_at + target_field: "_id" + ignore_missing: true ########### # Cleanup # ########### diff --git a/packages/github/data_stream/dependabot/fields/agent.yml b/packages/github/data_stream/dependabot/fields/agent.yml index bc42d0a853bc..3a1b4c228964 100644 --- a/packages/github/data_stream/dependabot/fields/agent.yml +++ b/packages/github/data_stream/dependabot/fields/agent.yml 
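Review bot: The second added `append` sets `event.type: deletion` whenever `fixed_at` or `dismissed_at` is present, so a dismissed alert whose vulnerable dependency is still in the manifest is indistinguishable from a remediated one for anything that keys on `event.type`. The expected test output in this change shows the case: the alert dismissed with "No bandwidth to fix this" becomes `deletion`. This commit also drops the top-level `github.state` copy further down, so I would add a description to both processors, for example `description: deletion covers fixed and dismissed alerts; use github.dependabot.state and dismiss_reason to tell them apart.`, to keep dashboards and detection rules from counting accepted risk as fixed. The processor list starts and ends outside this hunk.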
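Review bot: The relocated `fingerprint` processor now reads `github.repository.owner.login` and `github.repository.name`, which exist only once the `rename` just above it has run, and both processors set `ignore_missing: true`. If the repository object is absent, or the order is changed later, the `_id` is built from `number` and the timestamps alone. Alert numbers look to be per repository, so alerts from different repositories could then collapse into one document without any error. I would record the dependency on the processor with `description: Must run after github.dependabot.repository is renamed to github.repository; _id depends on the repository owner and name.`, and consider failing or tagging the event when either repository field is missing. The processor list continues outside this hunk.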
@@ -6,18 +6,18 @@ fields: - name: containerized type: boolean - description: > - If the host is a container. - + description: If the host is a container. - name: os.build type: keyword example: "18D109" - description: > - OS build information. - + description: OS build information. - name: os.codename type: keyword example: "stretch" - description: > - OS codename, if any. - + description: OS codename, if any. +- name: input.type + type: keyword + description: Input Type. +- name: log.offset + type: long + description: Log Offset. diff --git a/packages/github/data_stream/dependabot/fields/base-fields.yml b/packages/github/data_stream/dependabot/fields/base-fields.yml index 12044243bebb..8725015d482f 100644 --- a/packages/github/data_stream/dependabot/fields/base-fields.yml +++ b/packages/github/data_stream/dependabot/fields/base-fields.yml @@ -1,23 +1,16 @@ - name: data_stream.type - type: constant_keyword - description: Data stream type. + external: ecs - name: data_stream.dataset - type: constant_keyword - description: Data stream dataset name. + external: ecs - name: data_stream.namespace - type: constant_keyword - description: Data stream namespace. + external: ecs - name: event.module type: constant_keyword - description: Event module value: github + external: ecs - name: event.dataset type: constant_keyword - description: Event dataset value: github.dependabot -- name: "@timestamp" - type: date - description: Event timestamp. -- name: input.type - type: keyword - description: Type of Filebeat input. + external: ecs +- name: '@timestamp' + external: ecs diff --git a/packages/github/data_stream/dependabot/fields/ecs.yml b/packages/github/data_stream/dependabot/fields/ecs.yml new file mode 100644 index 000000000000..b0f81a9b1bc2 --- /dev/null +++ b/packages/github/data_stream/dependabot/fields/ecs.yml @@ -0,0 +1,4 @@ +# Define ECS constant fields as constant_keyword +- name: event.kind + type: constant_keyword + value: alert 
diff --git a/packages/github/data_stream/dependabot/fields/fields.yml b/packages/github/data_stream/dependabot/fields/fields.yml index a3eb89af7646..07c05b0c926b 100644 --- a/packages/github/data_stream/dependabot/fields/fields.yml +++ b/packages/github/data_stream/dependabot/fields/fields.yml @@ -6,14 +6,10 @@ fields: - name: created_at type: date - description: > - When was the alert created - + description: When was the alert created. - name: dependabot_update type: group - description: > - A Dependabot Update for a dependency in a repository. - + description: A Dependabot Update for a dependency in a repository. fields: - name: error type: group 
@@ -21,305 +17,156 @@ fields: - name: body type: text - description: > - The body of the error. - + description: The body of the error. - name: error_type type: keyword - description: > - The error code. - + description: The error code. - name: title type: keyword - description: > - The title of the error. - + description: The title of the error. - name: pull_request type: group description: The associated pull request. fields: - name: created_at type: date - description: > - Identifies the date and time when the pull request was created. - + description: Identifies the date and time when the pull request was created. - name: closed type: boolean - description: > - `true` if the pull request is closed. - + description: If the pull request is closed. - name: closed_at type: date - description: > - Identifies the date and time when the pull request was closed. - + description: Identifies the date and time when the pull request was closed. - name: merged type: boolean - description: > - Whether or not the pull request was merged. - + description: Whether or not the pull request was merged. - name: merged_at type: date - description: > - The date and time that the pull request was merged. - + description: The date and time that the pull request was merged. - name: number type: integer - description: > - Identifies the pull request number. - + description: Identifies the pull request number. - name: url type: keyword - description: > - The HTTP URL for this pull request. - + description: The HTTP URL for this pull request. - name: title type: keyword - description: > - Identifies the pull request title. - + description: Identifies the pull request title. - name: dependency_scope type: keyword - description: > - The scope of an alert's dependency. - + description: The scope of an alert's dependency. - name: dismiss_reason type: keyword - description: > - The reason the alert was dismissed. - + description: The reason the alert was dismissed. 
- name: dismissed_at type: date - description: > - When was the alert dismissed - + description: When was the alert dismissed. - name: dismisser type: group fields: - name: login type: keyword - description: > - The username of the dismisser. - + description: The username of the dismisser. - name: url type: keyword - description: > - The HTTP URL for this user. - + description: The HTTP URL for this user. - name: fixed_at type: date - description: > - When was the alert fixed - + description: When was the alert fixed. - name: number type: integer - description: > - Identifies the alert number. - + description: Identifies the alert number. - name: security_advisory type: group - description: > - The associated security advisory. - + description: The associated security advisory. fields: - name: classification type: keyword - description: > - The classification of the advisory. - + description: The classification of the advisory. - name: cvss type: group - description: > - The CVSS associated with this advisory. - + description: The CVSS associated with this advisory. fields: - name: vector_string type: keyword - description: > - The CVSS vector string associated with this advisory. - + description: The CVSS vector string associated with this advisory. - name: cwes type: nested - description: > - CWEs associated with this Advisory. - + description: CWEs associated with this Advisory. - name: cwes.cwe_id type: keyword - description: > - The id of the CWE. - + description: The id of the CWE. - name: cwes.description type: keyword - description: > - The name of this CWE. - + description: The name of this CWE. - name: cwes.name type: keyword - description: > - A detailed description of this CWE. - + description: A detailed description of this CWE. - name: ghsa_id type: keyword - description: > - The GitHub Security Advisory ID. - + description: The GitHub Security Advisory ID. - name: identifiers type: nested - description: > - A list of identifiers for this advisory. 
- + description: A list of identifiers for this advisory. - name: identifiers.type type: keyword - description: > - The identifier type, e.g. GHSA, CVE. - + description: The identifier type, e.g. GHSA, CVE. - name: identifiers.value type: keyword - description: > - The identifier. - + description: The identifier. - name: origin type: keyword - description: > - The organization that originated the advisory. - + description: The organization that originated the advisory. - name: permalink type: keyword - description: > - The permalink for the advisory. - + description: The permalink for the advisory. - name: published_at type: date - description: > - When the advisory was published. - + description: When the advisory was published. - name: severity type: keyword - description: > - The severity of the advisory. - + description: The severity of the advisory. - name: summary type: keyword - description: > - A short plaintext summary of the advisory. - + description: A short plaintext summary of the advisory. - name: updated_at type: date - description: > - When the advisory was last updated. - + description: When the advisory was last updated. - name: withdrawn_at type: date - description: > - When the advisory was withdrawn, if it has been withdrawn. - + description: When the advisory was withdrawn, if it has been withdrawn. - name: security_vulnerability type: group - description: > - The associated security vulnerability. - + description: The associated security vulnerability. fields: - name: first_patched_version.identifier type: keyword - description: > - The first version containing a fix for the vulnerability. - + description: The first version containing a fix for the vulnerability. - name: package type: group - description: > - A description of the vulnerable package. - + description: A description of the vulnerable package. fields: - name: ecosystem type: keyword - description: > - The ecosystem the package belongs to, e.g. RUBYGEMS, NPM. 
- + description: The ecosystem the package belongs to, e.g. RUBYGEMS, NPM. - name: name type: keyword - description: > - The package name. - + description: The package name. - name: updated_at type: date - description: > - When the vulnerability was last updated. - + description: When the vulnerability was last updated. - name: vulnerable_version_range type: keyword - description: > - A string that describes the vulnerable package versions. - + description: A string that describes the vulnerable package versions. - name: state type: keyword - description: > - Identifies the state of the alert. - + description: Identifies the state of the alert. - name: vulnerable_manifest_path type: keyword - description: > - The vulnerable manifest path. - + description: The vulnerable manifest path. - name: vulnerable_manifest_filename type: keyword - description: > - The vulnerable manifest filename. - + description: The vulnerable manifest filename. - name: vulnerable_requirements type: keyword - description: > - The vulnerable requirements. - - - name: state - type: keyword - description: > - Identifies the state of the alert. - - - name: severity - type: keyword - description: > - The severity of the advisory. - - - name: repository - type: group - description: > - The associated repository. - - fields: - - name: description - type: text - description: > - The description of the repository. - - - name: is_in_organization - type: boolean - description: > - Indicates if a repository is either owned by an organization, or is a private fork of an organization repository. - - - name: is_private - type: boolean - description: > - Identifies if the repository is private or internal. - - - name: name - type: keyword - description: > - Identifies if the repository is private or internal. - - - name: url - type: keyword - description: > - The HTTP URL for this repository. 
- - - name: owner - type: group - fields: - - name: login - type: keyword - description: > - The username of the dismisser. - - - name: url - type: keyword - description: >- - The HTTP URL for this user + description: The vulnerable requirements. diff --git a/packages/github/data_stream/dependabot/fields/is-transform-source-true.yml b/packages/github/data_stream/dependabot/fields/is-transform-source-true.yml new file mode 100644 index 000000000000..fd4766eacd52 --- /dev/null +++ b/packages/github/data_stream/dependabot/fields/is-transform-source-true.yml @@ -0,0 +1,4 @@ +- name: labels.is_transform_source + type: constant_keyword + description: Distinguishes between documents that are a source for a transform and documents that are an output of a transform, to facilitate easier filtering. + value: "true" diff --git a/packages/github/data_stream/dependabot/fields/package-fields.yml b/packages/github/data_stream/dependabot/fields/package-fields.yml new file mode 100644 index 000000000000..0e22ea0bcab6 --- /dev/null +++ b/packages/github/data_stream/dependabot/fields/package-fields.yml 
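Review bot: The descriptions of `cwes.description` and `cwes.name` under `security_advisory` are swapped, and the reformatting in this hunk carries that over to the new side: `cwes.description` reads "The name of this CWE." and `cwes.name` reads "A detailed description of this CWE.". The expected events in this change put the short title (for example "Improper Authorization") in `name` and the long sentence in `description`. I would swap them while these lines are being touched: `description: A detailed description of this CWE.` on `cwes.description` and `description: The name of this CWE.` on `cwes.name`. The `fields:` list this hunk edits begins above it.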
@@ -0,0 +1,62 @@
+- name: github
+ type: group
+ fields:
+ - name: repository
+ type: group
+ description: Information about the GitHub repository.
+ fields:
+ - name: id
+ type: integer
+ description: A unique identifier of the repository.
+ - name: is_in_organization
+ type: boolean
+ description: Indicates if a repository is either owned by an organization, or is a private fork of an organization repository.
+ - name: name
+ type: keyword
+ description: The name of the repository.
+ - name: full_name
+ type: keyword
+ description: The full, globally unique, name of the repository.
+ - name: private
+ type: boolean
+ description: Whether the repository is private.
+ - name: html_url
+ type: keyword
+ description: The URL to view the repository on GitHub.com.
+ - name: description
+ type: text
+ description: The repository description.
+ - name: fork
+ type: boolean
+ description: Whether the repository is a fork.
+ - name: url
+ type: keyword
+ description: The URL to get more information about the repository from the GitHub API.
+ - name: owner
+ type: group
+ description: Represents an owner of the repository. Owner could be an Organization or User.
+ fields:
+ - name: name
+ type: keyword
+ description: Name of repository owner.
+ - name: email
+ type: keyword
+ description: The public email of repository owner.
+ - name: login
+ type: keyword
+ description: Login username of repository owner.
+ - name: id
+ type: integer
+ description: ID of the repository owner.
+ - name: url
+ type: keyword
+ description: The URL to get more information about the repository owner from the GitHub API.
+ - name: html_url
+ type: keyword
+ description: The HTTP URL for the repository owner.
+ - name: type
+ type: keyword
+ description: The type of the repository owner. Example - User.
+ - name: site_admin
+ type: boolean
+ description: Whether the owner is a site administrator.
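Review bot: The new `private` field under `github.repository` takes over from `is_private`, which the dependabot fields hunk above removes and the sample_event.json hunk below swaps out, and nothing visible keeps the old name resolvable. Saved searches, dashboards and detection rules that filter on `github.repository.is_private` would stop matching without raising an error. Unless this is handled elsewhere in the commit, consider adding an alias next to the new field, `- name: is_private`, `type: alias`, `path: github.repository.private`, and listing the rename as a breaking change. The same concern appears to apply to `github.severity` and `github.state`, which the regenerated sample event no longer carries.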
diff --git a/packages/github/data_stream/dependabot/sample_event.json b/packages/github/data_stream/dependabot/sample_event.json
index ad1c8f208319..02ff57141959 100644
--- a/packages/github/data_stream/dependabot/sample_event.json
+++ b/packages/github/data_stream/dependabot/sample_event.json
@@ -1,34 +1,35 @@ { "@timestamp": "2022-07-11T11:39:07.000Z", "agent": { - "ephemeral_id": "786d0d42-a64a-43ae-846d-03d72b473384", - "id": "ad5c3ec8-3015-4cd2-a269-a2f3df062a2c", - "name": "docker-fleet-agent", + "ephemeral_id": "e7f76da2-a5c1-461e-afff-c8d8aaab6f63", + "id": "63db2a58-1665-44a9-b23a-4dd2b0be9bd6", + "name": "elastic-agent-88319", "type": "filebeat", - "version": "8.12.0" + "version": "8.13.0" }, "data_stream": { "dataset": "github.dependabot", - "namespace": "ep", + "namespace": "20232", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "ad5c3ec8-3015-4cd2-a269-a2f3df062a2c", + "id": "63db2a58-1665-44a9-b23a-4dd2b0be9bd6", "snapshot": false, - "version": "8.12.0" + "version": "8.13.0" }, "event": { - "action": "dependabot", "agent_id_status": "verified", "created": "2022-07-11T11:39:07.000Z", "dataset": "github.dependabot", - "ingested": "2024-01-18T15:59:57Z", - "kind": "alert", + "ingested": "2024-10-30T03:18:26Z", "original": "{\"createdAt\":\"2022-07-11T11:39:07Z\",\"dependabotUpdate\":{\"error\":{\"body\":\"The currently installed version can't be determined.\\n\\nTo resolve the issue add a supported lockfile (package-lock.json or yarn.lock).\",\"errorType\":\"dependency_file_not_supported\",\"title\":\"Dependabot can't update vulnerable dependencies without a lockfile\"},\"pullRequest\":null},\"dependencyScope\":\"RUNTIME\",\"dismissReason\":null,\"dismissedAt\":null,\"dismisser\":null,\"fixedAt\":null,\"number\":1,\"repository\":{\"description\":\"OWASP Juice Shop: Probably the most modern and sophisticated insecure web application\",\"isInOrganization\":false,\"isPrivate\":false,\"name\":\"sample_repo\",\"owner\":{\"login\":\"sample_owner\",\"url\":\"https://github.com/sample_owner\"},\"url\":\"https://github.com/sample_owner/sample_repo\"},\"securityAdvisory\":{\"classification\":\"GENERAL\",\"cvss\":{\"score\":0,\"vectorString\":null},\"cwes\":{\"nodes\":[{\"cweId\":\"CWE-20\",\"description\":\"The product 
receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.\",\"name\":\"Improper Input Validation\"}]},\"description\":\"Versions 4.2.1 and earlier of `jsonwebtoken` are affected by a verification bypass vulnerability. This is a result of weak validation of the JWT algorithm type, occuring when an attacker is allowed to arbitrarily specify the JWT algorithm.\\n\\n\\n\\n\\n## Recommendation\\n\\nUpdate to version 4.2.2 or later.\",\"ghsaId\":\"GHSA-c7hr-j4mj-j2w6\",\"identifiers\":[{\"type\":\"GHSA\",\"value\":\"GHSA-c7hr-j4mj-j2w6\"},{\"type\":\"CVE\",\"value\":\"CVE-2015-9235\"}],\"origin\":\"UNSPECIFIED\",\"permalink\":\"https://github.com/advisories/GHSA-c7hr-j4mj-j2w6\",\"publishedAt\":\"2018-10-09T00:38:30Z\",\"references\":[{\"url\":\"https://nvd.nist.gov/vuln/detail/CVE-2015-9235\"},{\"url\":\"https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687\"},{\"url\":\"https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/\"},{\"url\":\"https://github.com/advisories/GHSA-c7hr-j4mj-j2w6\"},{\"url\":\"https://www.npmjs.com/advisories/17\"},{\"url\":\"https://www.timmclean.net/2015/02/25/jwt-alg-none.html\"},{\"url\":\"https://nodesecurity.io/advisories/17\"}],\"severity\":\"CRITICAL\",\"summary\":\"Verification Bypass in jsonwebtoken\",\"updatedAt\":\"2021-01-08T19:00:39Z\",\"withdrawnAt\":null},\"securityVulnerability\":{\"firstPatchedVersion\":{\"identifier\":\"4.2.2\"},\"package\":{\"ecosystem\":\"NPM\",\"name\":\"jsonwebtoken\"},\"severity\":\"CRITICAL\",\"updatedAt\":\"2018-11-30T19:54:28Z\",\"vulnerableVersionRange\":\"\\u003c 4.2.2\"},\"state\":\"OPEN\",\"vulnerableManifestFilename\":\"package.json\",\"vulnerableManifestPath\":\"package.json\",\"vulnerableRequirements\":\"= 0.4.0\"}", - "start": "2022-07-11T11:39:07Z" + "start": "2022-07-11T11:39:07Z", + "type": [ + "creation" + ] }, 
"github": { "dependabot": { @@ -88,16 +89,14 @@ "repository": { "description": "OWASP Juice Shop: Probably the most modern and sophisticated insecure web application", "is_in_organization": false, - "is_private": false, "name": "sample_repo", "owner": { "login": "sample_owner", "url": "https://github.com/sample_owner" }, + "private": false, "url": "https://github.com/sample_owner/sample_repo" - }, - "severity": "critical", - "state": "open" + } }, "input": { "type": "httpjson" diff --git a/packages/github/data_stream/issues/_dev/test/pipeline/test-github-issues-json.log-expected.json b/packages/github/data_stream/issues/_dev/test/pipeline/test-github-issues-json.log-expected.json index 12af95b864de..50b06599fc1b 100644 --- a/packages/github/data_stream/issues/_dev/test/pipeline/test-github-issues-json.log-expected.json +++ b/packages/github/data_stream/issues/_dev/test/pipeline/test-github-issues-json.log-expected.json 
@@ -6,10 +6,11 @@ "version": "8.11.0" }, "event": { - "action": "event", "created": "2011-04-22T13:33:48.000Z", - "kind": "event", - "original": "{\"id\":1,\"node_id\":\"MDU6SXNzdWUx\",\"url\":\"https://api.github.com/repos/octocat/Hello-World/issues/1347\",\"repository_url\":\"https://api.github.com/repos/octocat/Hello-World\",\"labels_url\":\"https://api.github.com/repos/octocat/Hello-World/issues/1347/labels{/name}\",\"comments_url\":\"https://api.github.com/repos/octocat/Hello-World/issues/1347/comments\",\"events_url\":\"https://api.github.com/repos/octocat/Hello-World/issues/1347/events\",\"html_url\":\"https://github.com/octocat/Hello-World/issues/1347\",\"number\":1347,\"state\":\"open\",\"title\":\"Found a bug\",\"body\":\"I'm having a problem with this.\",\"user\":{\"login\":\"octocat\",\"id\":1,\"node_id\":\"MDQ6VXNlcjE=\",\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/octocat\",\"html_url\":\"https://github.com/octocat\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"type\":\"User\",\"site_admin\":true},\"labels\":[{\"id\":208045946,\"node_id\":\"MDU6TGFiZWwyMDgwNDU5NDY=\",\"url\":\"https://api.github.com/repos/octocat/Hello-World/labels/bug\",\"name\":\"bug\",\"description\":\"Something isn't 
working\",\"color\":\"f29513\",\"default\":true}],\"assignee\":{\"login\":\"octocat\",\"id\":1,\"node_id\":\"MDQ6VXNlcjE=\",\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/octocat\",\"html_url\":\"https://github.com/octocat\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"type\":\"User\",\"site_admin\":false},\"assignees\":[{\"login\":\"octocat\",\"id\":1,\"node_id\":\"MDQ6VXNlcjE=\",\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/octocat\",\"html_url\":\"https://github.com/octocat\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"type\":\"User\",\"site_admin\":false}],\"milestone\":{\"url\":\"http
s://api.github.com/repos/octocat/Hello-World/milestones/1\",\"html_url\":\"https://github.com/octocat/Hello-World/milestones/v1.0\",\"labels_url\":\"https://api.github.com/repos/octocat/Hello-World/milestones/1/labels\",\"id\":1002604,\"node_id\":\"MDk6TWlsZXN0b25lMTAwMjYwNA==\",\"number\":1,\"state\":\"open\",\"title\":\"v1.0\",\"description\":\"Tracking milestone for version 1.0\",\"creator\":{\"login\":\"octocat\",\"id\":1,\"node_id\":\"MDQ6VXNlcjE=\",\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/octocat\",\"html_url\":\"https://github.com/octocat\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"type\":\"User\",\"site_admin\":false},\"open_issues\":4,\"closed_issues\":8,\"created_at\":\"2011-04-10T20:09:31Z\",\"updated_at\":\"2014-03-03T18:58:10Z\",\"closed_at\":\"2013-02-12T13:22:01Z\",\"due_on\":\"2012-10-09T23:39:01Z\"},\"locked\":true,\"active_lock_reason\":\"too 
heated\",\"comments\":0,\"pull_request\":{\"url\":\"https://api.github.com/repos/octocat/Hello-World/pulls/1347\",\"html_url\":\"https://github.com/octocat/Hello-World/pull/1347\",\"diff_url\":\"https://github.com/octocat/Hello-World/pull/1347.diff\",\"patch_url\":\"https://github.com/octocat/Hello-World/pull/1347.patch\"},\"closed_at\":null,\"created_at\":\"2011-04-22T13:33:48Z\",\"updated_at\":\"2011-04-22T13:33:48Z\",\"closed_by\":{\"login\":\"octocat\",\"id\":1,\"node_id\":\"MDQ6VXNlcjE=\",\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/octocat\",\"html_url\":\"https://github.com/octocat\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"type\":\"User\",\"site_admin\":false},\"repository\": 
{\"id\":1296269,\"node_id\":\"MDEwOlJlcG9zaXRvcnkxMjk2MjY5\",\"name\":\"Hello-World\",\"full_name\":\"octocat/Hello-World\",\"owner\":{\"login\":\"octocat\",\"id\":1,\"node_id\":\"MDQ6VXNlcjE=\",\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/octocat\",\"html_url\":\"https://github.com/octocat\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"type\":\"User\",\"site_admin\":false},\"private\":false,\"html_url\":\"https://github.com/octocat/Hello-World\",\"description\":\"This your first 
repo!\",\"fork\":false,\"url\":\"https://api.github.com/repos/octocat/Hello-World\",\"archive_url\":\"https://api.github.com/repos/octocat/Hello-World/{archive_format}{/ref}\",\"assignees_url\":\"https://api.github.com/repos/octocat/Hello-World/assignees{/user}\",\"blobs_url\":\"https://api.github.com/repos/octocat/Hello-World/git/blobs{/sha}\",\"branches_url\":\"https://api.github.com/repos/octocat/Hello-World/branches{/branch}\",\"collaborators_url\":\"https://api.github.com/repos/octocat/Hello-World/collaborators{/collaborator}\",\"comments_url\":\"https://api.github.com/repos/octocat/Hello-World/comments{/number}\",\"commits_url\":\"https://api.github.com/repos/octocat/Hello-World/commits{/sha}\",\"compare_url\":\"https://api.github.com/repos/octocat/Hello-World/compare/{base}...{head}\",\"contents_url\":\"https://api.github.com/repos/octocat/Hello-World/contents/{+path}\",\"contributors_url\":\"https://api.github.com/repos/octocat/Hello-World/contributors\",\"deployments_url\":\"https://api.github.com/repos/octocat/Hello-World/deployments\",\"downloads_url\":\"https://api.github.com/repos/octocat/Hello-World/downloads\",\"events_url\":\"https://api.github.com/repos/octocat/Hello-World/events\",\"forks_url\":\"https://api.github.com/repos/octocat/Hello-World/forks\",\"git_commits_url\":\"https://api.github.com/repos/octocat/Hello-World/git/commits{/sha}\",\"git_refs_url\":\"https://api.github.com/repos/octocat/Hello-World/git/refs{/sha}\",\"git_tags_url\":\"https://api.github.com/repos/octocat/Hello-World/git/tags{/sha}\",\"git_url\":\"git:github.com/octocat/Hello-World.git\",\"issue_comment_url\":\"https://api.github.com/repos/octocat/Hello-World/issues/comments{/number}\",\"issue_events_url\":\"https://api.github.com/repos/octocat/Hello-World/issues/events{/number}\",\"issues_url\":\"https://api.github.com/repos/octocat/Hello-World/issues{/number}\",\"keys_url\":\"https://api.github.com/repos/octocat/Hello-World/keys{/key_id}\",\"labels_url\":\"https://api.git
hub.com/repos/octocat/Hello-World/labels{/name}\",\"languages_url\":\"https://api.github.com/repos/octocat/Hello-World/languages\",\"merges_url\":\"https://api.github.com/repos/octocat/Hello-World/merges\",\"milestones_url\":\"https://api.github.com/repos/octocat/Hello-World/milestones{/number}\",\"notifications_url\":\"https://api.github.com/repos/octocat/Hello-World/notifications{?since,all,participating}\",\"pulls_url\":\"https://api.github.com/repos/octocat/Hello-World/pulls{/number}\",\"releases_url\":\"https://api.github.com/repos/octocat/Hello-World/releases{/id}\",\"ssh_url\":\"git@github.com:octocat/Hello-World.git\",\"stargazers_url\":\"https://api.github.com/repos/octocat/Hello-World/stargazers\",\"statuses_url\":\"https://api.github.com/repos/octocat/Hello-World/statuses/{sha}\",\"subscribers_url\":\"https://api.github.com/repos/octocat/Hello-World/subscribers\",\"subscription_url\":\"https://api.github.com/repos/octocat/Hello-World/subscription\",\"tags_url\":\"https://api.github.com/repos/octocat/Hello-World/tags\",\"teams_url\":\"https://api.github.com/repos/octocat/Hello-World/teams\",\"trees_url\":\"https://api.github.com/repos/octocat/Hello-World/git/trees{/sha}\",\"clone_url\":\"https://github.com/octocat/Hello-World.git\",\"mirror_url\":\"git:git.example.com/octocat/Hello-World\",\"hooks_url\":\"https://api.github.com/repos/octocat/Hello-World/hooks\",\"svn_url\":\"https://svn.github.com/octocat/Hello-World\",\"homepage\":\"https://github.com\",\"language\":null,\"forks_count\":9,\"stargazers_count\":80,\"watchers_count\":80,\"size\":108,\"default_branch\":\"master\",\"open_issues_count\":0,\"is_template\":true,\"topics\":[\"octocat\",\"atom\",\"electron\",\"api\"],\"has_issues\":true,\"has_projects\":true,\"has_wiki\":true,\"has_pages\":false,\"has_downloads\":true,\"archived\":false,\"disabled\":false,\"visibility\":\"public\",\"pushed_at\":\"2011-01-26T19:06:43Z\",\"created_at\":\"2011-01-26T19:01:12Z\",\"updated_at\":\"2011-01-26T19:14:43Z\",
\"permissions\":{\"admin\":false,\"push\":false,\"pull\":true},\"allow_rebase_merge\":true,\"template_repository\":null,\"temp_clone_token\":\"ABTLWHOULUVAXGTRYU7OC2876QJ2O\",\"allow_squash_merge\":true,\"allow_auto_merge\":false,\"delete_branch_on_merge\":true,\"allow_merge_commit\":true,\"subscribers_count\":42,\"network_count\":0,\"license\":{\"key\":\"mit\",\"name\":\"MIT License\",\"url\":\"https://api.github.com/licenses/mit\",\"spdx_id\":\"MIT\",\"node_id\":\"MDc6TGljZW5zZW1pdA==\",\"html_url\":\"https://github.com/licenses/mit\"},\"forks\":1,\"open_issues\":1,\"watchers\":1},\"author_association\":\"COLLABORATOR\",\"state_reason\":\"completed\"}" + "original": "{\"id\":1,\"node_id\":\"MDU6SXNzdWUx\",\"url\":\"https://api.github.com/repos/octocat/Hello-World/issues/1347\",\"repository_url\":\"https://api.github.com/repos/octocat/Hello-World\",\"labels_url\":\"https://api.github.com/repos/octocat/Hello-World/issues/1347/labels{/name}\",\"comments_url\":\"https://api.github.com/repos/octocat/Hello-World/issues/1347/comments\",\"events_url\":\"https://api.github.com/repos/octocat/Hello-World/issues/1347/events\",\"html_url\":\"https://github.com/octocat/Hello-World/issues/1347\",\"number\":1347,\"state\":\"open\",\"title\":\"Found a bug\",\"body\":\"I'm having a problem with 
this.\",\"user\":{\"login\":\"octocat\",\"id\":1,\"node_id\":\"MDQ6VXNlcjE=\",\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/octocat\",\"html_url\":\"https://github.com/octocat\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"type\":\"User\",\"site_admin\":true},\"labels\":[{\"id\":208045946,\"node_id\":\"MDU6TGFiZWwyMDgwNDU5NDY=\",\"url\":\"https://api.github.com/repos/octocat/Hello-World/labels/bug\",\"name\":\"bug\",\"description\":\"Something isn't 
working\",\"color\":\"f29513\",\"default\":true}],\"assignee\":{\"login\":\"octocat\",\"id\":1,\"node_id\":\"MDQ6VXNlcjE=\",\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/octocat\",\"html_url\":\"https://github.com/octocat\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"type\":\"User\",\"site_admin\":false},\"assignees\":[{\"login\":\"octocat\",\"id\":1,\"node_id\":\"MDQ6VXNlcjE=\",\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/octocat\",\"html_url\":\"https://github.com/octocat\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"type\":\"User\",\"site_admin\":false}],\"milestone\":{\"url\":\"http
s://api.github.com/repos/octocat/Hello-World/milestones/1\",\"html_url\":\"https://github.com/octocat/Hello-World/milestones/v1.0\",\"labels_url\":\"https://api.github.com/repos/octocat/Hello-World/milestones/1/labels\",\"id\":1002604,\"node_id\":\"MDk6TWlsZXN0b25lMTAwMjYwNA==\",\"number\":1,\"state\":\"open\",\"title\":\"v1.0\",\"description\":\"Tracking milestone for version 1.0\",\"creator\":{\"login\":\"octocat\",\"id\":1,\"node_id\":\"MDQ6VXNlcjE=\",\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/octocat\",\"html_url\":\"https://github.com/octocat\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"type\":\"User\",\"site_admin\":false},\"open_issues\":4,\"closed_issues\":8,\"created_at\":\"2011-04-10T20:09:31Z\",\"updated_at\":\"2014-03-03T18:58:10Z\",\"closed_at\":\"2013-02-12T13:22:01Z\",\"due_on\":\"2012-10-09T23:39:01Z\"},\"locked\":true,\"active_lock_reason\":\"too 
heated\",\"comments\":0,\"pull_request\":{\"url\":\"https://api.github.com/repos/octocat/Hello-World/pulls/1347\",\"html_url\":\"https://github.com/octocat/Hello-World/pull/1347\",\"diff_url\":\"https://github.com/octocat/Hello-World/pull/1347.diff\",\"patch_url\":\"https://github.com/octocat/Hello-World/pull/1347.patch\"},\"closed_at\":null,\"created_at\":\"2011-04-22T13:33:48Z\",\"updated_at\":\"2011-04-22T13:33:48Z\",\"closed_by\":{\"login\":\"octocat\",\"id\":1,\"node_id\":\"MDQ6VXNlcjE=\",\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/octocat\",\"html_url\":\"https://github.com/octocat\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"type\":\"User\",\"site_admin\":false},\"repository\": 
{\"id\":1296269,\"node_id\":\"MDEwOlJlcG9zaXRvcnkxMjk2MjY5\",\"name\":\"Hello-World\",\"full_name\":\"octocat/Hello-World\",\"owner\":{\"login\":\"octocat\",\"id\":1,\"node_id\":\"MDQ6VXNlcjE=\",\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/octocat\",\"html_url\":\"https://github.com/octocat\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"type\":\"User\",\"site_admin\":false},\"private\":false,\"html_url\":\"https://github.com/octocat/Hello-World\",\"description\":\"This your first 
repo!\",\"fork\":false,\"url\":\"https://api.github.com/repos/octocat/Hello-World\",\"archive_url\":\"https://api.github.com/repos/octocat/Hello-World/{archive_format}{/ref}\",\"assignees_url\":\"https://api.github.com/repos/octocat/Hello-World/assignees{/user}\",\"blobs_url\":\"https://api.github.com/repos/octocat/Hello-World/git/blobs{/sha}\",\"branches_url\":\"https://api.github.com/repos/octocat/Hello-World/branches{/branch}\",\"collaborators_url\":\"https://api.github.com/repos/octocat/Hello-World/collaborators{/collaborator}\",\"comments_url\":\"https://api.github.com/repos/octocat/Hello-World/comments{/number}\",\"commits_url\":\"https://api.github.com/repos/octocat/Hello-World/commits{/sha}\",\"compare_url\":\"https://api.github.com/repos/octocat/Hello-World/compare/{base}...{head}\",\"contents_url\":\"https://api.github.com/repos/octocat/Hello-World/contents/{+path}\",\"contributors_url\":\"https://api.github.com/repos/octocat/Hello-World/contributors\",\"deployments_url\":\"https://api.github.com/repos/octocat/Hello-World/deployments\",\"downloads_url\":\"https://api.github.com/repos/octocat/Hello-World/downloads\",\"events_url\":\"https://api.github.com/repos/octocat/Hello-World/events\",\"forks_url\":\"https://api.github.com/repos/octocat/Hello-World/forks\",\"git_commits_url\":\"https://api.github.com/repos/octocat/Hello-World/git/commits{/sha}\",\"git_refs_url\":\"https://api.github.com/repos/octocat/Hello-World/git/refs{/sha}\",\"git_tags_url\":\"https://api.github.com/repos/octocat/Hello-World/git/tags{/sha}\",\"git_url\":\"git:github.com/octocat/Hello-World.git\",\"issue_comment_url\":\"https://api.github.com/repos/octocat/Hello-World/issues/comments{/number}\",\"issue_events_url\":\"https://api.github.com/repos/octocat/Hello-World/issues/events{/number}\",\"issues_url\":\"https://api.github.com/repos/octocat/Hello-World/issues{/number}\",\"keys_url\":\"https://api.github.com/repos/octocat/Hello-World/keys{/key_id}\",\"labels_url\":\"https://api.git
hub.com/repos/octocat/Hello-World/labels{/name}\",\"languages_url\":\"https://api.github.com/repos/octocat/Hello-World/languages\",\"merges_url\":\"https://api.github.com/repos/octocat/Hello-World/merges\",\"milestones_url\":\"https://api.github.com/repos/octocat/Hello-World/milestones{/number}\",\"notifications_url\":\"https://api.github.com/repos/octocat/Hello-World/notifications{?since,all,participating}\",\"pulls_url\":\"https://api.github.com/repos/octocat/Hello-World/pulls{/number}\",\"releases_url\":\"https://api.github.com/repos/octocat/Hello-World/releases{/id}\",\"ssh_url\":\"git@github.com:octocat/Hello-World.git\",\"stargazers_url\":\"https://api.github.com/repos/octocat/Hello-World/stargazers\",\"statuses_url\":\"https://api.github.com/repos/octocat/Hello-World/statuses/{sha}\",\"subscribers_url\":\"https://api.github.com/repos/octocat/Hello-World/subscribers\",\"subscription_url\":\"https://api.github.com/repos/octocat/Hello-World/subscription\",\"tags_url\":\"https://api.github.com/repos/octocat/Hello-World/tags\",\"teams_url\":\"https://api.github.com/repos/octocat/Hello-World/teams\",\"trees_url\":\"https://api.github.com/repos/octocat/Hello-World/git/trees{/sha}\",\"clone_url\":\"https://github.com/octocat/Hello-World.git\",\"mirror_url\":\"git:git.example.com/octocat/Hello-World\",\"hooks_url\":\"https://api.github.com/repos/octocat/Hello-World/hooks\",\"svn_url\":\"https://svn.github.com/octocat/Hello-World\",\"homepage\":\"https://github.com\",\"language\":null,\"forks_count\":9,\"stargazers_count\":80,\"watchers_count\":80,\"size\":108,\"default_branch\":\"master\",\"open_issues_count\":0,\"is_template\":true,\"topics\":[\"octocat\",\"atom\",\"electron\",\"api\"],\"has_issues\":true,\"has_projects\":true,\"has_wiki\":true,\"has_pages\":false,\"has_downloads\":true,\"archived\":false,\"disabled\":false,\"visibility\":\"public\",\"pushed_at\":\"2011-01-26T19:06:43Z\",\"created_at\":\"2011-01-26T19:01:12Z\",\"updated_at\":\"2011-01-26T19:14:43Z\",
\"permissions\":{\"admin\":false,\"push\":false,\"pull\":true},\"allow_rebase_merge\":true,\"template_repository\":null,\"temp_clone_token\":\"ABTLWHOULUVAXGTRYU7OC2876QJ2O\",\"allow_squash_merge\":true,\"allow_auto_merge\":false,\"delete_branch_on_merge\":true,\"allow_merge_commit\":true,\"subscribers_count\":42,\"network_count\":0,\"license\":{\"key\":\"mit\",\"name\":\"MIT License\",\"url\":\"https://api.github.com/licenses/mit\",\"spdx_id\":\"MIT\",\"node_id\":\"MDc6TGljZW5zZW1pdA==\",\"html_url\":\"https://github.com/licenses/mit\"},\"forks\":1,\"open_issues\":1,\"watchers\":1},\"author_association\":\"COLLABORATOR\",\"state_reason\":\"completed\"}", + "type": [ + "creation" + ] }, "github": { "issues": { @@ -44,7 +45,7 @@ }, "comments": 0, "comments_url": "https://api.github.com/repos/octocat/Hello-World/issues/1347/comments", - "created_at": "2011-04-22T13:33:48Z", + "created_at": "2011-04-22T13:33:48.000Z", "events_url": "https://api.github.com/repos/octocat/Hello-World/issues/1347/events", "html_url": "https://github.com/octocat/Hello-World/issues/1347", "id": 1, @@ -87,8 +88,7 @@ "login": "octocat" }, "url": "https://api.github.com/repos/octocat/Hello-World" - }, - "state": "open" + } }, "related": { "user": [ 
@@ -108,15 +108,16 @@ } }, { - "@timestamp": "2022-11-23T15:06:34.000Z", + "@timestamp": "2022-11-23T15:07:18.000Z", "ecs": { "version": "8.11.0" }, "event": { - "action": "event", - "created": "2022-11-23T15:06:34.000Z", - "kind": "event", - "original": "{\"url\":\"https://api.github.com/repos/elastic/integrations/issues/4710\",\"repository_url\":\"https://api.github.com/repos/elastic/integrations\",\"labels_url\":\"https://api.github.com/repos/elastic/integrations/issues/4710/labels{/name}\",\"comments_url\":\"https://api.github.com/repos/elastic/integrations/issues/4710/comments\",\"events_url\":\"https://api.github.com/repos/elastic/integrations/issues/4710/events\",\"html_url\":\"https://github.com/elastic/integrations/issues/4710\",\"id\":1461928292,\"node_id\":\"I_kwDODAw23M5XI0Fk\",\"number\":4710,\"title\":\"Custom STIX Package\",\"user\":{\"login\":\"jamiehynds\",\"id\":62879768,\"node_id\":\"MDQ6VXNlcjYyODc5NzY4\",\"avatar_url\":\"https://avatars.githubusercontent.com/u/62879768?v=4\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/jamiehynds\",\"html_url\":\"https://github.com/jamiehynds\",\"followers_url\":\"https://api.github.com/users/jamiehynds/followers\",\"following_url\":\"https://api.github.com/users/jamiehynds/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/jamiehynds/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/jamiehynds/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/jamiehynds/subscriptions\",\"organizations_url\":\"https://api.github.com/users/jamiehynds/orgs\",\"repos_url\":\"https://api.github.com/users/jamiehynds/repos\",\"events_url\":\"https://api.github.com/users/jamiehynds/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/jamiehynds/received_events\",\"type\":\"User\",\"site_admin\":false},\"labels\":[{\"id\":2404921703,\"node_id\":\"MDU6TGFiZWwyNDA0OTIxNzAz\",\"url\":\"https://api.github.com/repos/elastic/integrations/labels/T
eam:Security-Service%20Integrations\",\"name\":\"Team:Security-Service Integrations\",\"color\":\"1d76db\",\"default\":false,\"description\":\"Label for the Security External Integrations team\"},{\"id\":3104073484,\"node_id\":\"MDU6TGFiZWwzMTA0MDczNDg0\",\"url\":\"https://api.github.com/repos/elastic/integrations/labels/Integration:Threat%20Intel\",\"name\":\"Integration:Threat Intel\",\"color\":\"ffffff\",\"default\":false,\"description\":\"\"}],\"state\":\"open\",\"locked\":false,\"assignee\":{\"login\":\"P1llus\",\"id\":8027539,\"node_id\":\"MDQ6VXNlcjgwMjc1Mzk=\",\"avatar_url\":\"https://avatars.githubusercontent.com/u/8027539?v=4\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/P1llus\",\"html_url\":\"https://github.com/P1llus\",\"followers_url\":\"https://api.github.com/users/P1llus/followers\",\"following_url\":\"https://api.github.com/users/P1llus/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/P1llus/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/P1llus/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/P1llus/subscriptions\",\"organizations_url\":\"https://api.github.com/users/P1llus/orgs\",\"repos_url\":\"https://api.github.com/users/P1llus/repos\",\"events_url\":\"https://api.github.com/users/P1llus/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/P1llus/received_events\",\"type\":\"User\",\"site_admin\":false},\"assignees\":[{\"login\":\"P1llus\",\"id\":8027539,\"node_id\":\"MDQ6VXNlcjgwMjc1Mzk=\",\"avatar_url\":\"https://avatars.githubusercontent.com/u/8027539?v=4\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/P1llus\",\"html_url\":\"https://github.com/P1llus\",\"followers_url\":\"https://api.github.com/users/P1llus/followers\",\"following_url\":\"https://api.github.com/users/P1llus/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/P1llus/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/P1llus/star
red{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/P1llus/subscriptions\",\"organizations_url\":\"https://api.github.com/users/P1llus/orgs\",\"repos_url\":\"https://api.github.com/users/P1llus/repos\",\"events_url\":\"https://api.github.com/users/P1llus/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/P1llus/received_events\",\"type\":\"User\",\"site_admin\":false}],\"milestone\":null,\"comments\":2,\"created_at\":\"2022-11-23T15:06:34Z\",\"updated_at\":\"2022-11-23T15:07:18Z\",\"closed_at\":null,\"author_association\":\"NONE\",\"active_lock_reason\":null,\"body\":\"Structured Threat Information Expression (STIX) is a language for expressing cyber threat and observable information. While we have several Threat Intel integrations which map STIX formatted data to Elastic Common Schema, users will always have need to ingest IOC's from threat feeds that we don't support out of the box. 'How do I ingest STIX feeds' remains a very common questions across community Slack, Discuss, Github, etc. A custom package would solve for this. \\r\\n\\r\\nTo allow for the broad range of STIX formatted feeds, we should provide a way for users to ingest data from ANY STIX feed, via a 'Custom STIX' package. The package will leverage our httpjson input under the hood, but include an ingest pipeline which maps STIX fields to ECS (we expect there'll still be a need for custom fields, as not all STIX fields have a corresponding field in ECS). \\r\\n\\r\\nThere may be cases where some feeds/vendors don't strictly conform to STIX, and in those cases, users may have to modify our pipeline and that's ok. We'll focus on correctly formatted STIX data. 
\",\"reactions\":{\"url\":\"https://api.github.com/repos/elastic/integrations/issues/4710/reactions\",\"total_count\":0,\"+1\":0,\"-1\":0,\"laugh\":0,\"hooray\":0,\"confused\":0,\"heart\":0,\"rocket\":0,\"eyes\":0},\"timeline_url\":\"https://api.github.com/repos/elastic/integrations/issues/4710/timeline\",\"performed_via_github_app\":null,\"state_reason\":null}" + "created": "2022-11-23T15:07:18.000Z", + "original": "{\"url\":\"https://api.github.com/repos/elastic/integrations/issues/4710\",\"repository_url\":\"https://api.github.com/repos/elastic/integrations\",\"labels_url\":\"https://api.github.com/repos/elastic/integrations/issues/4710/labels{/name}\",\"comments_url\":\"https://api.github.com/repos/elastic/integrations/issues/4710/comments\",\"events_url\":\"https://api.github.com/repos/elastic/integrations/issues/4710/events\",\"html_url\":\"https://github.com/elastic/integrations/issues/4710\",\"id\":1461928292,\"node_id\":\"I_kwDODAw23M5XI0Fk\",\"number\":4710,\"title\":\"Custom STIX 
Package\",\"user\":{\"login\":\"jamiehynds\",\"id\":62879768,\"node_id\":\"MDQ6VXNlcjYyODc5NzY4\",\"avatar_url\":\"https://avatars.githubusercontent.com/u/62879768?v=4\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/jamiehynds\",\"html_url\":\"https://github.com/jamiehynds\",\"followers_url\":\"https://api.github.com/users/jamiehynds/followers\",\"following_url\":\"https://api.github.com/users/jamiehynds/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/jamiehynds/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/jamiehynds/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/jamiehynds/subscriptions\",\"organizations_url\":\"https://api.github.com/users/jamiehynds/orgs\",\"repos_url\":\"https://api.github.com/users/jamiehynds/repos\",\"events_url\":\"https://api.github.com/users/jamiehynds/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/jamiehynds/received_events\",\"type\":\"User\",\"site_admin\":false},\"labels\":[{\"id\":2404921703,\"node_id\":\"MDU6TGFiZWwyNDA0OTIxNzAz\",\"url\":\"https://api.github.com/repos/elastic/integrations/labels/Team:Security-Service%20Integrations\",\"name\":\"Team:Security-Service Integrations\",\"color\":\"1d76db\",\"default\":false,\"description\":\"Label for the Security External Integrations team\"},{\"id\":3104073484,\"node_id\":\"MDU6TGFiZWwzMTA0MDczNDg0\",\"url\":\"https://api.github.com/repos/elastic/integrations/labels/Integration:Threat%20Intel\",\"name\":\"Integration:Threat 
Intel\",\"color\":\"ffffff\",\"default\":false,\"description\":\"\"}],\"state\":\"open\",\"locked\":false,\"assignee\":{\"login\":\"P1llus\",\"id\":8027539,\"node_id\":\"MDQ6VXNlcjgwMjc1Mzk=\",\"avatar_url\":\"https://avatars.githubusercontent.com/u/8027539?v=4\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/P1llus\",\"html_url\":\"https://github.com/P1llus\",\"followers_url\":\"https://api.github.com/users/P1llus/followers\",\"following_url\":\"https://api.github.com/users/P1llus/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/P1llus/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/P1llus/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/P1llus/subscriptions\",\"organizations_url\":\"https://api.github.com/users/P1llus/orgs\",\"repos_url\":\"https://api.github.com/users/P1llus/repos\",\"events_url\":\"https://api.github.com/users/P1llus/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/P1llus/received_events\",\"type\":\"User\",\"site_admin\":false},\"assignees\":[{\"login\":\"P1llus\",\"id\":8027539,\"node_id\":\"MDQ6VXNlcjgwMjc1Mzk=\",\"avatar_url\":\"https://avatars.githubusercontent.com/u/8027539?v=4\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/P1llus\",\"html_url\":\"https://github.com/P1llus\",\"followers_url\":\"https://api.github.com/users/P1llus/followers\",\"following_url\":\"https://api.github.com/users/P1llus/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/P1llus/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/P1llus/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/P1llus/subscriptions\",\"organizations_url\":\"https://api.github.com/users/P1llus/orgs\",\"repos_url\":\"https://api.github.com/users/P1llus/repos\",\"events_url\":\"https://api.github.com/users/P1llus/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/P1llus/received_events\",\"type
\":\"User\",\"site_admin\":false}],\"milestone\":null,\"comments\":2,\"created_at\":\"2022-11-23T15:06:34Z\",\"updated_at\":\"2022-11-23T15:07:18Z\",\"closed_at\":null,\"author_association\":\"NONE\",\"active_lock_reason\":null,\"body\":\"Structured Threat Information Expression (STIX) is a language for expressing cyber threat and observable information. While we have several Threat Intel integrations which map STIX formatted data to Elastic Common Schema, users will always have need to ingest IOC's from threat feeds that we don't support out of the box. 'How do I ingest STIX feeds' remains a very common questions across community Slack, Discuss, Github, etc. A custom package would solve for this. \\r\\n\\r\\nTo allow for the broad range of STIX formatted feeds, we should provide a way for users to ingest data from ANY STIX feed, via a 'Custom STIX' package. The package will leverage our httpjson input under the hood, but include an ingest pipeline which maps STIX fields to ECS (we expect there'll still be a need for custom fields, as not all STIX fields have a corresponding field in ECS). \\r\\n\\r\\nThere may be cases where some feeds/vendors don't strictly conform to STIX, and in those cases, users may have to modify our pipeline and that's ok. We'll focus on correctly formatted STIX data. \",\"reactions\":{\"url\":\"https://api.github.com/repos/elastic/integrations/issues/4710/reactions\",\"total_count\":0,\"+1\":0,\"-1\":0,\"laugh\":0,\"hooray\":0,\"confused\":0,\"heart\":0,\"rocket\":0,\"eyes\":0},\"timeline_url\":\"https://api.github.com/repos/elastic/integrations/issues/4710/timeline\",\"performed_via_github_app\":null,\"state_reason\":null}", + "type": [ + "change" + ] }, "github": { "issues": { 
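Review bot: The rewritten `event` object in this hunk asserts only `created`, `original` and `type`, so the expected document loses `event.kind` and `event.action` and carries `event.type` with no `event.category`; the hunks at -201,15 and -275,15 do the same. Detection rules and saved searches that filter on `event.kind: "event"` would stop matching these issue documents unless the field is supplied somewhere not visible in this fixture, so I would keep `"kind": "event",` in the expected output and have the pipeline set it. `event.created` is also pinned to the issue's `updated_at`, identical to `@timestamp`, whereas ECS defines it as the time the event was first read by the agent or pipeline; as asserted it cannot be used to measure ingest delay. This file is test output, so both changes belong in the ingest pipeline, which is outside this hunk.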
@@ -142,7 +143,7 @@ "body": "Structured Threat Information Expression (STIX) is a language for expressing cyber threat and observable information. While we have several Threat Intel integrations which map STIX formatted data to Elastic Common Schema, users will always have need to ingest IOC's from threat feeds that we don't support out of the box. 'How do I ingest STIX feeds' remains a very common questions across community Slack, Discuss, Github, etc. A custom package would solve for this. \r\n\r\nTo allow for the broad range of STIX formatted feeds, we should provide a way for users to ingest data from ANY STIX feed, via a 'Custom STIX' package. The package will leverage our httpjson input under the hood, but include an ingest pipeline which maps STIX fields to ECS (we expect there'll still be a need for custom fields, as not all STIX fields have a corresponding field in ECS). \r\n\r\nThere may be cases where some feeds/vendors don't strictly conform to STIX, and in those cases, users may have to modify our pipeline and that's ok. We'll focus on correctly formatted STIX data. ", "comments": 2, "comments_url": "https://api.github.com/repos/elastic/integrations/issues/4710/comments", - "created_at": "2022-11-23T15:06:34Z", + "created_at": "2022-11-23T15:06:34.000Z", "events_url": "https://api.github.com/repos/elastic/integrations/issues/4710/events", "html_url": "https://github.com/elastic/integrations/issues/4710", "id": 1461928292, @@ -182,8 +183,7 @@ "login": "elastic" }, "url": "https://api.github.com/repos/elastic/integrations" - }, - "state": "open" + } }, "related": { "user": [ 
@@ -201,15 +201,16 @@ } }, { - "@timestamp": "2022-11-23T13:03:54.000Z", + "@timestamp": "2022-11-23T14:58:03.000Z", "ecs": { "version": "8.11.0" }, "event": { - "action": "event", - "created": "2022-11-23T13:03:54.000Z", - "kind": "event", - "original": "{\"url\":\"https://api.github.com/repos/elastic/integrations/issues/4707\",\"repository_url\":\"https://api.github.com/repos/elastic/integrations\",\"labels_url\":\"https://api.github.com/repos/elastic/integrations/issues/4707/labels{/name}\",\"comments_url\":\"https://api.github.com/repos/elastic/integrations/issues/4707/comments\",\"events_url\":\"https://api.github.com/repos/elastic/integrations/issues/4707/events\",\"html_url\":\"https://github.com/elastic/integrations/issues/4707\",\"id\":1461726255,\"node_id\":\"I_kwDODAw23M5XICwv\",\"number\":4707,\"title\":\"[ Crowdstrike Falcon ] Parse of process field is wrong.\",\"user\":{\"login\":\"leandrojmp\",\"id\":322886,\"node_id\":\"MDQ6VXNlcjMyMjg4Ng==\",\"avatar_url\":\"https://avatars.githubusercontent.com/u/322886?v=4\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/leandrojmp\",\"html_url\":\"https://github.com/leandrojmp\",\"followers_url\":\"https://api.github.com/users/leandrojmp/followers\",\"following_url\":\"https://api.github.com/users/leandrojmp/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/leandrojmp/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/leandrojmp/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/leandrojmp/subscriptions\",\"organizations_url\":\"https://api.github.com/users/leandrojmp/orgs\",\"repos_url\":\"https://api.github.com/users/leandrojmp/repos\",\"events_url\":\"https://api.github.com/users/leandrojmp/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/leandrojmp/received_events\",\"type\":\"User\",\"site_admin\":false},\"labels\":[{\"id\":2404921703,\"node_id\":\"MDU6TGFiZWwyNDA0OTIxNzAz\",\"url\":\"https://api.github.com/rep
os/elastic/integrations/labels/Team:Security-Service%20Integrations\",\"name\":\"Team:Security-Service Integrations\",\"color\":\"1d76db\",\"default\":false,\"description\":\"Label for the Security External Integrations team\"},{\"id\":2716642190,\"node_id\":\"MDU6TGFiZWwyNzE2NjQyMTkw\",\"url\":\"https://api.github.com/repos/elastic/integrations/labels/Integration:Crowdstrike\",\"name\":\"Integration:Crowdstrike\",\"color\":\"FFFFFF\",\"default\":false,\"description\":null}],\"state\":\"open\",\"locked\":false,\"assignee\":null,\"assignees\":[],\"milestone\":null,\"comments\":1,\"created_at\":\"2022-11-23T13:03:54Z\",\"updated_at\":\"2022-11-23T14:58:03Z\",\"closed_at\":null,\"author_association\":\"NONE\",\"active_lock_reason\":null,\"body\":\"Hello,\\r\\n\\r\\nThe parse of the process fields in the Crowdstrike Falcon Pipeline is wrong, it is creating fields with dots in the name instead of nested json objects.\\r\\n\\r\\nIt creates this:\\r\\n```\\r\\n{\\r\\n \\\"process.executable\\\": \\\"value\\\"\\r\\n}\\r\\n```\\r\\n\\r\\nInstead of\\r\\n\\r\\n```\\r\\n{\\r\\n \\\"process\\\": {\\r\\n \\\"executable\\\": \\\"value\\\"\\r\\n }\\r\\n}\\r\\n```\\r\\n\\r\\nThis same issue was present in the [filebeat integration](https://github.com/elastic/beats/issues/27622) and I submitted a [fix](https://github.com/elastic/beats/pull/27623) more than an year ago.\\r\\n\\r\\nI will submit a PR later with the same fix, but I'm creating this issue to register the problem.\",\"reactions\":{\"url\":\"https://api.github.com/repos/elastic/integrations/issues/4707/reactions\",\"total_count\":0,\"+1\":0,\"-1\":0,\"laugh\":0,\"hooray\":0,\"confused\":0,\"heart\":0,\"rocket\":0,\"eyes\":0},\"timeline_url\":\"https://api.github.com/repos/elastic/integrations/issues/4707/timeline\",\"performed_via_github_app\":null,\"state_reason\":null }" + "created": "2022-11-23T14:58:03.000Z", + "original": 
"{\"url\":\"https://api.github.com/repos/elastic/integrations/issues/4707\",\"repository_url\":\"https://api.github.com/repos/elastic/integrations\",\"labels_url\":\"https://api.github.com/repos/elastic/integrations/issues/4707/labels{/name}\",\"comments_url\":\"https://api.github.com/repos/elastic/integrations/issues/4707/comments\",\"events_url\":\"https://api.github.com/repos/elastic/integrations/issues/4707/events\",\"html_url\":\"https://github.com/elastic/integrations/issues/4707\",\"id\":1461726255,\"node_id\":\"I_kwDODAw23M5XICwv\",\"number\":4707,\"title\":\"[ Crowdstrike Falcon ] Parse of process field is wrong.\",\"user\":{\"login\":\"leandrojmp\",\"id\":322886,\"node_id\":\"MDQ6VXNlcjMyMjg4Ng==\",\"avatar_url\":\"https://avatars.githubusercontent.com/u/322886?v=4\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/leandrojmp\",\"html_url\":\"https://github.com/leandrojmp\",\"followers_url\":\"https://api.github.com/users/leandrojmp/followers\",\"following_url\":\"https://api.github.com/users/leandrojmp/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/leandrojmp/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/leandrojmp/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/leandrojmp/subscriptions\",\"organizations_url\":\"https://api.github.com/users/leandrojmp/orgs\",\"repos_url\":\"https://api.github.com/users/leandrojmp/repos\",\"events_url\":\"https://api.github.com/users/leandrojmp/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/leandrojmp/received_events\",\"type\":\"User\",\"site_admin\":false},\"labels\":[{\"id\":2404921703,\"node_id\":\"MDU6TGFiZWwyNDA0OTIxNzAz\",\"url\":\"https://api.github.com/repos/elastic/integrations/labels/Team:Security-Service%20Integrations\",\"name\":\"Team:Security-Service Integrations\",\"color\":\"1d76db\",\"default\":false,\"description\":\"Label for the Security External Integrations 
team\"},{\"id\":2716642190,\"node_id\":\"MDU6TGFiZWwyNzE2NjQyMTkw\",\"url\":\"https://api.github.com/repos/elastic/integrations/labels/Integration:Crowdstrike\",\"name\":\"Integration:Crowdstrike\",\"color\":\"FFFFFF\",\"default\":false,\"description\":null}],\"state\":\"open\",\"locked\":false,\"assignee\":null,\"assignees\":[],\"milestone\":null,\"comments\":1,\"created_at\":\"2022-11-23T13:03:54Z\",\"updated_at\":\"2022-11-23T14:58:03Z\",\"closed_at\":null,\"author_association\":\"NONE\",\"active_lock_reason\":null,\"body\":\"Hello,\\r\\n\\r\\nThe parse of the process fields in the Crowdstrike Falcon Pipeline is wrong, it is creating fields with dots in the name instead of nested json objects.\\r\\n\\r\\nIt creates this:\\r\\n```\\r\\n{\\r\\n \\\"process.executable\\\": \\\"value\\\"\\r\\n}\\r\\n```\\r\\n\\r\\nInstead of\\r\\n\\r\\n```\\r\\n{\\r\\n \\\"process\\\": {\\r\\n \\\"executable\\\": \\\"value\\\"\\r\\n }\\r\\n}\\r\\n```\\r\\n\\r\\nThis same issue was present in the [filebeat integration](https://github.com/elastic/beats/issues/27622) and I submitted a [fix](https://github.com/elastic/beats/pull/27623) more than an year ago.\\r\\n\\r\\nI will submit a PR later with the same fix, but I'm creating this issue to register the problem.\",\"reactions\":{\"url\":\"https://api.github.com/repos/elastic/integrations/issues/4707/reactions\",\"total_count\":0,\"+1\":0,\"-1\":0,\"laugh\":0,\"hooray\":0,\"confused\":0,\"heart\":0,\"rocket\":0,\"eyes\":0},\"timeline_url\":\"https://api.github.com/repos/elastic/integrations/issues/4707/timeline\",\"performed_via_github_app\":null,\"state_reason\":null }", + "type": [ + "change" + ] }, "github": { "issues": { 
@@ -217,7 +218,7 @@ "body": "Hello,\r\n\r\nThe parse of the process fields in the Crowdstrike Falcon Pipeline is wrong, it is creating fields with dots in the name instead of nested json objects.\r\n\r\nIt creates this:\r\n```\r\n{\r\n \"process.executable\": \"value\"\r\n}\r\n```\r\n\r\nInstead of\r\n\r\n```\r\n{\r\n \"process\": {\r\n \"executable\": \"value\"\r\n }\r\n}\r\n```\r\n\r\nThis same issue was present in the [filebeat integration](https://github.com/elastic/beats/issues/27622) and I submitted a [fix](https://github.com/elastic/beats/pull/27623) more than an year ago.\r\n\r\nI will submit a PR later with the same fix, but I'm creating this issue to register the problem.", "comments": 1, "comments_url": "https://api.github.com/repos/elastic/integrations/issues/4707/comments", - "created_at": "2022-11-23T13:03:54Z", + "created_at": "2022-11-23T13:03:54.000Z", "events_url": "https://api.github.com/repos/elastic/integrations/issues/4707/events", "html_url": "https://github.com/elastic/integrations/issues/4707", "id": 1461726255, @@ -257,8 +258,7 @@ "login": "elastic" }, "url": "https://api.github.com/repos/elastic/integrations" - }, - "state": "open" + } }, "related": { "user": [ 
@@ -275,15 +275,16 @@ } }, { - "@timestamp": "2022-11-23T10:57:54.000Z", + "@timestamp": "2022-11-23T11:15:48.000Z", "ecs": { "version": "8.11.0" }, "event": { - "action": "event", - "created": "2022-11-23T10:57:54.000Z", - "kind": "event", - "original": "{\"url\":\"https://api.github.com/repos/elastic/integrations/issues/4704\",\"repository_url\":\"https://api.github.com/repos/elastic/integrations\",\"labels_url\":\"https://api.github.com/repos/elastic/integrations/issues/4704/labels{/name}\",\"comments_url\":\"https://api.github.com/repos/elastic/integrations/issues/4704/comments\",\"events_url\":\"https://api.github.com/repos/elastic/integrations/issues/4704/events\",\"html_url\":\"https://github.com/elastic/integrations/pull/4704\",\"id\":1461524465,\"node_id\":\"PR_kwDODAw23M5DjMOh\",\"number\":4704,\"title\":\"[Enhancement] [Infoblox Bloxone DDI] Update the Pagination Termination Condition and Added Filter instead of KQL in visualizations\",\"user\":{\"login\":\"vinit-elastic\",\"id\":89848047,\"node_id\":\"MDQ6VXNlcjg5ODQ4MDQ3\",\"avatar_url\":\"https://avatars.githubusercontent.com/u/89848047?v=4\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/vinit-elastic\",\"html_url\":\"https://github.com/vinit-elastic\",\"followers_url\":\"https://api.github.com/users/vinit-elastic/followers\",\"following_url\":\"https://api.github.com/users/vinit-elastic/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/vinit-elastic/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/vinit-elastic/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/vinit-elastic/subscriptions\",\"organizations_url\":\"https://api.github.com/users/vinit-elastic/orgs\",\"repos_url\":\"https://api.github.com/users/vinit-elastic/repos\",\"events_url\":\"https://api.github.com/users/vinit-elastic/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/vinit-elastic/received_events\",\"type\":\"User\",\"site_admin\":f
alse},\"labels\":[{\"id\":1498531540,\"node_id\":\"MDU6TGFiZWwxNDk4NTMxNTQw\",\"url\":\"https://api.github.com/repos/elastic/integrations/labels/enhancement\",\"name\":\"enhancement\",\"color\":\"a2eeef\",\"default\":true,\"description\":\"New feature or request\"},{\"id\":2404921703,\"node_id\":\"MDU6TGFiZWwyNDA0OTIxNzAz\",\"url\":\"https://api.github.com/repos/elastic/integrations/labels/Team:Security-Service%20Integrations\",\"name\":\"Team:Security-Service Integrations\",\"color\":\"1d76db\",\"default\":false,\"description\":\"Label for the Security External Integrations team\"},{\"id\":4528694847,\"node_id\":\"LA_kwDODAw23M8AAAABDe5mPw\",\"url\":\"https://api.github.com/repos/elastic/integrations/labels/Integration:infoblox_bloxone_ddi\",\"name\":\"Integration:infoblox_bloxone_ddi\",\"color\":\"FFFFFF\",\"default\":false,\"description\":\"Infoblox BloxOne DDI (DNS, DHCP, IP management)\"}],\"state\":\"open\",\"locked\":false,\"assignee\":null,\"assignees\":[],\"milestone\":null,\"comments\":4,\"created_at\":\"2022-11-23T10:57:54Z\",\"updated_at\":\"2022-11-23T11:15:48Z\",\"closed_at\":null,\"author_association\":\"COLLABORATOR\",\"active_lock_reason\":null,\"draft\":false,\"pull_request\":{\"url\":\"https://api.github.com/repos/elastic/integrations/pulls/4704\",\"html_url\":\"https://github.com/elastic/integrations/pull/4704\",\"diff_url\":\"https://github.com/elastic/integrations/pull/4704.diff\",\"patch_url\":\"https://github.com/elastic/integrations/pull/4704.patch\",\"merged_at\":null},\"body\":\" Type of change\\r\\n- Enhancement\\r\\n\\r\\n\\r\\n## What does this PR do?\\r\\nUpdate the Pagination Termination Condition for Infoblox Bloxone DDI connector.\\r\\n\\r\\nCurrent condition for pagination termination contains `[[else]][[.last_response.terminate_pagination]][[end]]` which results in error logs when pagination is completed.\\r\\n\\r\\nRemoving this `else` condition will not result in error logs.\\r\\n\\r\\n\\r\\n\\r\\n## Checklist\\r\\n\\r\\n- [x] 
I have reviewed [tips for building integrations](https://github.com/elastic/integrations/blob/main/docs/tips_for_building_integrations.md) and this pull request is aligned with them.\\r\\n- [x] I have verified that all data streams collect metrics or logs.\\r\\n- [x] I have added an entry to my package's `changelog.yml` file.\\r\\n- [x] I have verified that Kibana version constraints are current according to [guidelines](https://github.com/elastic/elastic-package/blob/master/docs/howto/stack_version_support.md#when-to-update-the-condition).\\r\\n\\r\\n\\r\\n\\r\\n## How to test this PR locally\\r\\n- Clone integrations repo.\\r\\n- Install elastic package locally.\\r\\n- Start elastic stack using elastic-package.\\r\\n- Move to integrations/packages/infoblox_bloxone_ddi directory.\\r\\n- Run the following command to run tests. \\r\\n> elastic-package test \\r\\n\\r\\n\\r\\n## Related issues\\r\\n\\r\\n\\r\\n- Relates https://github.com/elastic/integrations/issues/4527\\r\\n\\r\\n## Screenshots\\r\\n![image](https://user-images.githubusercontent.com/89848047/203529720-18c110cd-5343-4d70-bbfb-eed0b81313af.png)\\r\\n![image](https://user-images.githubusercontent.com/89848047/203529765-4b183071-6ed9-4bc8-8a98-fd04955bb4d7.png)\\r\\n![image](https://user-images.githubusercontent.com/89848047/203529819-78128d98-630e-49e5-bf97-f86059c0cc26.png)\\r\\n![image](https://user-images.githubusercontent.com/89848047/203529936-df7e3d6f-031e-4b0c-992f-93707a507735.png)\\r\\n\\r\\n\\r\\n\",\"reactions\":{\"url\":\"https://api.github.com/repos/elastic/integrations/issues/4704/reactions\",\"total_count\":0,\"+1\":0,\"-1\":0,\"laugh\":0,\"hooray\":0,\"confused\":0,\"heart\":0,\"rocket\":0,\"eyes\":0},\"timeline_url\":\"https://api.github.com/repos/elastic/integrations/issues/4704/timeline\",\"performed_via_github_app\":null,\"state_reason\":null }" + "created": "2022-11-23T11:15:48.000Z", + "original": 
"{\"url\":\"https://api.github.com/repos/elastic/integrations/issues/4704\",\"repository_url\":\"https://api.github.com/repos/elastic/integrations\",\"labels_url\":\"https://api.github.com/repos/elastic/integrations/issues/4704/labels{/name}\",\"comments_url\":\"https://api.github.com/repos/elastic/integrations/issues/4704/comments\",\"events_url\":\"https://api.github.com/repos/elastic/integrations/issues/4704/events\",\"html_url\":\"https://github.com/elastic/integrations/pull/4704\",\"id\":1461524465,\"node_id\":\"PR_kwDODAw23M5DjMOh\",\"number\":4704,\"title\":\"[Enhancement] [Infoblox Bloxone DDI] Update the Pagination Termination Condition and Added Filter instead of KQL in visualizations\",\"user\":{\"login\":\"vinit-elastic\",\"id\":89848047,\"node_id\":\"MDQ6VXNlcjg5ODQ4MDQ3\",\"avatar_url\":\"https://avatars.githubusercontent.com/u/89848047?v=4\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/vinit-elastic\",\"html_url\":\"https://github.com/vinit-elastic\",\"followers_url\":\"https://api.github.com/users/vinit-elastic/followers\",\"following_url\":\"https://api.github.com/users/vinit-elastic/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/vinit-elastic/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/vinit-elastic/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/vinit-elastic/subscriptions\",\"organizations_url\":\"https://api.github.com/users/vinit-elastic/orgs\",\"repos_url\":\"https://api.github.com/users/vinit-elastic/repos\",\"events_url\":\"https://api.github.com/users/vinit-elastic/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/vinit-elastic/received_events\",\"type\":\"User\",\"site_admin\":false},\"labels\":[{\"id\":1498531540,\"node_id\":\"MDU6TGFiZWwxNDk4NTMxNTQw\",\"url\":\"https://api.github.com/repos/elastic/integrations/labels/enhancement\",\"name\":\"enhancement\",\"color\":\"a2eeef\",\"default\":true,\"description\":\"New feature or 
request\"},{\"id\":2404921703,\"node_id\":\"MDU6TGFiZWwyNDA0OTIxNzAz\",\"url\":\"https://api.github.com/repos/elastic/integrations/labels/Team:Security-Service%20Integrations\",\"name\":\"Team:Security-Service Integrations\",\"color\":\"1d76db\",\"default\":false,\"description\":\"Label for the Security External Integrations team\"},{\"id\":4528694847,\"node_id\":\"LA_kwDODAw23M8AAAABDe5mPw\",\"url\":\"https://api.github.com/repos/elastic/integrations/labels/Integration:infoblox_bloxone_ddi\",\"name\":\"Integration:infoblox_bloxone_ddi\",\"color\":\"FFFFFF\",\"default\":false,\"description\":\"Infoblox BloxOne DDI (DNS, DHCP, IP management)\"}],\"state\":\"open\",\"locked\":false,\"assignee\":null,\"assignees\":[],\"milestone\":null,\"comments\":4,\"created_at\":\"2022-11-23T10:57:54Z\",\"updated_at\":\"2022-11-23T11:15:48Z\",\"closed_at\":null,\"author_association\":\"COLLABORATOR\",\"active_lock_reason\":null,\"draft\":false,\"pull_request\":{\"url\":\"https://api.github.com/repos/elastic/integrations/pulls/4704\",\"html_url\":\"https://github.com/elastic/integrations/pull/4704\",\"diff_url\":\"https://github.com/elastic/integrations/pull/4704.diff\",\"patch_url\":\"https://github.com/elastic/integrations/pull/4704.patch\",\"merged_at\":null},\"body\":\" Type of change\\r\\n- Enhancement\\r\\n\\r\\n\\r\\n## What does this PR do?\\r\\nUpdate the Pagination Termination Condition for Infoblox Bloxone DDI connector.\\r\\n\\r\\nCurrent condition for pagination termination contains `[[else]][[.last_response.terminate_pagination]][[end]]` which results in error logs when pagination is completed.\\r\\n\\r\\nRemoving this `else` condition will not result in error logs.\\r\\n\\r\\n\\r\\n\\r\\n## Checklist\\r\\n\\r\\n- [x] I have reviewed [tips for building integrations](https://github.com/elastic/integrations/blob/main/docs/tips_for_building_integrations.md) and this pull request is aligned with them.\\r\\n- [x] I have verified that all data streams collect metrics or 
logs.\\r\\n- [x] I have added an entry to my package's `changelog.yml` file.\\r\\n- [x] I have verified that Kibana version constraints are current according to [guidelines](https://github.com/elastic/elastic-package/blob/master/docs/howto/stack_version_support.md#when-to-update-the-condition).\\r\\n\\r\\n\\r\\n\\r\\n## How to test this PR locally\\r\\n- Clone integrations repo.\\r\\n- Install elastic package locally.\\r\\n- Start elastic stack using elastic-package.\\r\\n- Move to integrations/packages/infoblox_bloxone_ddi directory.\\r\\n- Run the following command to run tests. \\r\\n> elastic-package test \\r\\n\\r\\n\\r\\n## Related issues\\r\\n\\r\\n\\r\\n- Relates https://github.com/elastic/integrations/issues/4527\\r\\n\\r\\n## Screenshots\\r\\n![image](https://user-images.githubusercontent.com/89848047/203529720-18c110cd-5343-4d70-bbfb-eed0b81313af.png)\\r\\n![image](https://user-images.githubusercontent.com/89848047/203529765-4b183071-6ed9-4bc8-8a98-fd04955bb4d7.png)\\r\\n![image](https://user-images.githubusercontent.com/89848047/203529819-78128d98-630e-49e5-bf97-f86059c0cc26.png)\\r\\n![image](https://user-images.githubusercontent.com/89848047/203529936-df7e3d6f-031e-4b0c-992f-93707a507735.png)\\r\\n\\r\\n\\r\\n\",\"reactions\":{\"url\":\"https://api.github.com/repos/elastic/integrations/issues/4704/reactions\",\"total_count\":0,\"+1\":0,\"-1\":0,\"laugh\":0,\"hooray\":0,\"confused\":0,\"heart\":0,\"rocket\":0,\"eyes\":0},\"timeline_url\":\"https://api.github.com/repos/elastic/integrations/issues/4704/timeline\",\"performed_via_github_app\":null,\"state_reason\":null }", + "type": [ + "change" + ] }, "github": { "issues": { 
@@ -291,7 +292,7 @@ "body": " Type of change\r\n- Enhancement\r\n\r\n\r\n## What does this PR do?\r\nUpdate the Pagination Termination Condition for Infoblox Bloxone DDI connector.\r\n\r\nCurrent condition for pagination termination contains `[[else]][[.last_response.terminate_pagination]][[end]]` which results in error logs when pagination is completed.\r\n\r\nRemoving this `else` condition will not result in error logs.\r\n\r\n\r\n\r\n## Checklist\r\n\r\n- [x] I have reviewed [tips for building integrations](https://github.com/elastic/integrations/blob/main/docs/tips_for_building_integrations.md) and this pull request is aligned with them.\r\n- [x] I have verified that all data streams collect metrics or logs.\r\n- [x] I have added an entry to my package's `changelog.yml` file.\r\n- [x] I have verified that Kibana version constraints are current according to [guidelines](https://github.com/elastic/elastic-package/blob/master/docs/howto/stack_version_support.md#when-to-update-the-condition).\r\n\r\n\r\n\r\n## How to test this PR locally\r\n- Clone integrations repo.\r\n- Install elastic package locally.\r\n- Start elastic stack using elastic-package.\r\n- Move to integrations/packages/infoblox_bloxone_ddi directory.\r\n- Run the following command to run tests. 
\r\n> elastic-package test \r\n\r\n\r\n## Related issues\r\n\r\n\r\n- Relates https://github.com/elastic/integrations/issues/4527\r\n\r\n## Screenshots\r\n![image](https://user-images.githubusercontent.com/89848047/203529720-18c110cd-5343-4d70-bbfb-eed0b81313af.png)\r\n![image](https://user-images.githubusercontent.com/89848047/203529765-4b183071-6ed9-4bc8-8a98-fd04955bb4d7.png)\r\n![image](https://user-images.githubusercontent.com/89848047/203529819-78128d98-630e-49e5-bf97-f86059c0cc26.png)\r\n![image](https://user-images.githubusercontent.com/89848047/203529936-df7e3d6f-031e-4b0c-992f-93707a507735.png)\r\n\r\n\r\n", "comments": 4, "comments_url": "https://api.github.com/repos/elastic/integrations/issues/4704/comments", - "created_at": "2022-11-23T10:57:54Z", + "created_at": "2022-11-23T10:57:54.000Z", "draft": false, "events_url": "https://api.github.com/repos/elastic/integrations/issues/4704/events", "html_url": "https://github.com/elastic/integrations/pull/4704", @@ -343,8 +344,7 @@ "login": "elastic" }, "url": "https://api.github.com/repos/elastic/integrations" - }, - "state": "open" + } }, "related": { "user": [ 
@@ -361,15 +361,16 @@ } }, { - "@timestamp": "2022-11-23T10:44:59.000Z", + "@timestamp": "2022-11-23T11:23:56.000Z", "ecs": { "version": "8.11.0" }, "event": { - "action": "event", - "created": "2022-11-23T10:44:59.000Z", - "kind": "event", - "original": "{\"url\":\"https://api.github.com/repos/elastic/integrations/issues/4703\",\"repository_url\":\"https://api.github.com/repos/elastic/integrations\",\"labels_url\":\"https://api.github.com/repos/elastic/integrations/issues/4703/labels{/name}\",\"comments_url\":\"https://api.github.com/repos/elastic/integrations/issues/4703/comments\",\"events_url\":\"https://api.github.com/repos/elastic/integrations/issues/4703/events\",\"html_url\":\"https://github.com/elastic/integrations/pull/4703\",\"id\":1461503410,\"node_id\":\"PR_kwDODAw23M5DjHjk\",\"number\":4703,\"title\":\"[Enhancement] [AWS Security Hub] Update the Pagination Termination Condition\",\"user\":{\"login\":\"vinit-elastic\",\"id\":89848047,\"node_id\":\"MDQ6VXNlcjg5ODQ4MDQ3\",\"avatar_url\":\"https://avatars.githubusercontent.com/u/89848047?v=4\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/vinit-elastic\",\"html_url\":\"https://github.com/vinit-elastic\",\"followers_url\":\"https://api.github.com/users/vinit-elastic/followers\",\"following_url\":\"https://api.github.com/users/vinit-elastic/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/vinit-elastic/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/vinit-elastic/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/vinit-elastic/subscriptions\",\"organizations_url\":\"https://api.github.com/users/vinit-elastic/orgs\",\"repos_url\":\"https://api.github.com/users/vinit-elastic/repos\",\"events_url\":\"https://api.github.com/users/vinit-elastic/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/vinit-elastic/received_events\",\"type\":\"User\",\"site_admin\":false},\"labels\":[{\"id\":1498531540,\"node_id\":\"MDU
6TGFiZWwxNDk4NTMxNTQw\",\"url\":\"https://api.github.com/repos/elastic/integrations/labels/enhancement\",\"name\":\"enhancement\",\"color\":\"a2eeef\",\"default\":true,\"description\":\"New feature or request\"},{\"id\":2404921703,\"node_id\":\"MDU6TGFiZWwyNDA0OTIxNzAz\",\"url\":\"https://api.github.com/repos/elastic/integrations/labels/Team:Security-Service%20Integrations\",\"name\":\"Team:Security-Service Integrations\",\"color\":\"1d76db\",\"default\":false,\"description\":\"Label for the Security External Integrations team\"},{\"id\":2607750240,\"node_id\":\"MDU6TGFiZWwyNjA3NzUwMjQw\",\"url\":\"https://api.github.com/repos/elastic/integrations/labels/Integration:AWS\",\"name\":\"Integration:AWS\",\"color\":\"FFFFFF\",\"default\":false,\"description\":\"\"}],\"state\":\"open\",\"locked\":false,\"assignee\":null,\"assignees\":[],\"milestone\":null,\"comments\":4,\"created_at\":\"2022-11-23T10:44:59Z\",\"updated_at\":\"2022-11-23T11:23:56Z\",\"closed_at\":null,\"author_association\":\"COLLABORATOR\",\"active_lock_reason\":null,\"draft\":false,\"pull_request\":{\"url\":\"https://api.github.com/repos/elastic/integrations/pulls/4703\",\"html_url\":\"https://github.com/elastic/integrations/pull/4703\",\"diff_url\":\"https://github.com/elastic/integrations/pull/4703.diff\",\"patch_url\":\"https://github.com/elastic/integrations/pull/4703.patch\",\"merged_at\":null},\"body\":\" Type of change\\r\\n- Enhancement\\r\\n\\r\\n\\r\\n## What does this PR do?\\r\\nUpdate the Pagination Termination Condition for AWS Security Hub connector.\\r\\n\\r\\nCurrent condition for pagination termination contains `[[else]][[.last_response.terminate_pagination]][[end]]` which results in error logs when pagination is completed.\\r\\n\\r\\nRemoving this `else` condition will not result in error logs.\\r\\n\\r\\n\\r\\n\\r\\n## Checklist\\r\\n\\r\\n- [x] I have reviewed [tips for building integrations](https://github.com/elastic/integrations/blob/main/docs/tips_for_building_integrations.md) 
and this pull request is aligned with them.\\r\\n- [x] I have verified that all data streams collect metrics or logs.\\r\\n- [x] I have added an entry to my package's `changelog.yml` file.\\r\\n- [x] I have verified that Kibana version constraints are current according to [guidelines](https://github.com/elastic/elastic-package/blob/master/docs/howto/stack_version_support.md#when-to-update-the-condition).\\r\\n\\r\\n\\r\\n\\r\\n## How to test this PR locally\\r\\n- Clone integrations repo.\\r\\n- Install elastic package locally.\\r\\n- Start elastic stack using elastic-package.\\r\\n- Move to integrations/packages/aws directory.\\r\\n- Run the following command to run tests. \\r\\n> elastic-package test \\r\\n\\r\\n\\r\\n## Related issues\\r\\n\\r\\n\\r\\n- Relates https://github.com/elastic/integrations/issues/4527\\r\\n\\r\\n## Screenshots\\r\\n![image](https://user-images.githubusercontent.com/89848047/203526900-06519c95-3de5-4f88-a65d-555d03d7f9a1.png)\\r\\n![image](https://user-images.githubusercontent.com/89848047/203527000-b050f059-03c6-4ead-a88e-9f2e42efb537.png)\\r\\n![image](https://user-images.githubusercontent.com/89848047/203527123-ea1f8513-8371-4d06-8a17-b71c0dae7a5a.png)\\r\\n\\r\\n\\r\\n\",\"reactions\":{\"url\":\"https://api.github.com/repos/elastic/integrations/issues/4703/reactions\",\"total_count\":0,\"+1\":0,\"-1\":0,\"laugh\":0,\"hooray\":0,\"confused\":0,\"heart\":0,\"rocket\":0,\"eyes\":0},\"timeline_url\":\"https://api.github.com/repos/elastic/integrations/issues/4703/timeline\",\"performed_via_github_app\":null,\"state_reason\":null }" + "created": "2022-11-23T11:23:56.000Z", + "original": 
"{\"url\":\"https://api.github.com/repos/elastic/integrations/issues/4703\",\"repository_url\":\"https://api.github.com/repos/elastic/integrations\",\"labels_url\":\"https://api.github.com/repos/elastic/integrations/issues/4703/labels{/name}\",\"comments_url\":\"https://api.github.com/repos/elastic/integrations/issues/4703/comments\",\"events_url\":\"https://api.github.com/repos/elastic/integrations/issues/4703/events\",\"html_url\":\"https://github.com/elastic/integrations/pull/4703\",\"id\":1461503410,\"node_id\":\"PR_kwDODAw23M5DjHjk\",\"number\":4703,\"title\":\"[Enhancement] [AWS Security Hub] Update the Pagination Termination Condition\",\"user\":{\"login\":\"vinit-elastic\",\"id\":89848047,\"node_id\":\"MDQ6VXNlcjg5ODQ4MDQ3\",\"avatar_url\":\"https://avatars.githubusercontent.com/u/89848047?v=4\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/vinit-elastic\",\"html_url\":\"https://github.com/vinit-elastic\",\"followers_url\":\"https://api.github.com/users/vinit-elastic/followers\",\"following_url\":\"https://api.github.com/users/vinit-elastic/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/vinit-elastic/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/vinit-elastic/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/vinit-elastic/subscriptions\",\"organizations_url\":\"https://api.github.com/users/vinit-elastic/orgs\",\"repos_url\":\"https://api.github.com/users/vinit-elastic/repos\",\"events_url\":\"https://api.github.com/users/vinit-elastic/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/vinit-elastic/received_events\",\"type\":\"User\",\"site_admin\":false},\"labels\":[{\"id\":1498531540,\"node_id\":\"MDU6TGFiZWwxNDk4NTMxNTQw\",\"url\":\"https://api.github.com/repos/elastic/integrations/labels/enhancement\",\"name\":\"enhancement\",\"color\":\"a2eeef\",\"default\":true,\"description\":\"New feature or 
request\"},{\"id\":2404921703,\"node_id\":\"MDU6TGFiZWwyNDA0OTIxNzAz\",\"url\":\"https://api.github.com/repos/elastic/integrations/labels/Team:Security-Service%20Integrations\",\"name\":\"Team:Security-Service Integrations\",\"color\":\"1d76db\",\"default\":false,\"description\":\"Label for the Security External Integrations team\"},{\"id\":2607750240,\"node_id\":\"MDU6TGFiZWwyNjA3NzUwMjQw\",\"url\":\"https://api.github.com/repos/elastic/integrations/labels/Integration:AWS\",\"name\":\"Integration:AWS\",\"color\":\"FFFFFF\",\"default\":false,\"description\":\"\"}],\"state\":\"open\",\"locked\":false,\"assignee\":null,\"assignees\":[],\"milestone\":null,\"comments\":4,\"created_at\":\"2022-11-23T10:44:59Z\",\"updated_at\":\"2022-11-23T11:23:56Z\",\"closed_at\":null,\"author_association\":\"COLLABORATOR\",\"active_lock_reason\":null,\"draft\":false,\"pull_request\":{\"url\":\"https://api.github.com/repos/elastic/integrations/pulls/4703\",\"html_url\":\"https://github.com/elastic/integrations/pull/4703\",\"diff_url\":\"https://github.com/elastic/integrations/pull/4703.diff\",\"patch_url\":\"https://github.com/elastic/integrations/pull/4703.patch\",\"merged_at\":null},\"body\":\" Type of change\\r\\n- Enhancement\\r\\n\\r\\n\\r\\n## What does this PR do?\\r\\nUpdate the Pagination Termination Condition for AWS Security Hub connector.\\r\\n\\r\\nCurrent condition for pagination termination contains `[[else]][[.last_response.terminate_pagination]][[end]]` which results in error logs when pagination is completed.\\r\\n\\r\\nRemoving this `else` condition will not result in error logs.\\r\\n\\r\\n\\r\\n\\r\\n## Checklist\\r\\n\\r\\n- [x] I have reviewed [tips for building integrations](https://github.com/elastic/integrations/blob/main/docs/tips_for_building_integrations.md) and this pull request is aligned with them.\\r\\n- [x] I have verified that all data streams collect metrics or logs.\\r\\n- [x] I have added an entry to my package's `changelog.yml` file.\\r\\n- [x] I 
have verified that Kibana version constraints are current according to [guidelines](https://github.com/elastic/elastic-package/blob/master/docs/howto/stack_version_support.md#when-to-update-the-condition).\\r\\n\\r\\n\\r\\n\\r\\n## How to test this PR locally\\r\\n- Clone integrations repo.\\r\\n- Install elastic package locally.\\r\\n- Start elastic stack using elastic-package.\\r\\n- Move to integrations/packages/aws directory.\\r\\n- Run the following command to run tests. \\r\\n> elastic-package test \\r\\n\\r\\n\\r\\n## Related issues\\r\\n\\r\\n\\r\\n- Relates https://github.com/elastic/integrations/issues/4527\\r\\n\\r\\n## Screenshots\\r\\n![image](https://user-images.githubusercontent.com/89848047/203526900-06519c95-3de5-4f88-a65d-555d03d7f9a1.png)\\r\\n![image](https://user-images.githubusercontent.com/89848047/203527000-b050f059-03c6-4ead-a88e-9f2e42efb537.png)\\r\\n![image](https://user-images.githubusercontent.com/89848047/203527123-ea1f8513-8371-4d06-8a17-b71c0dae7a5a.png)\\r\\n\\r\\n\\r\\n\",\"reactions\":{\"url\":\"https://api.github.com/repos/elastic/integrations/issues/4703/reactions\",\"total_count\":0,\"+1\":0,\"-1\":0,\"laugh\":0,\"hooray\":0,\"confused\":0,\"heart\":0,\"rocket\":0,\"eyes\":0},\"timeline_url\":\"https://api.github.com/repos/elastic/integrations/issues/4703/timeline\",\"performed_via_github_app\":null,\"state_reason\":null }", + "type": [ + "change" + ] }, "github": { "issues": { 
@@ -377,7 +378,7 @@ "body": " Type of change\r\n- Enhancement\r\n\r\n\r\n## What does this PR do?\r\nUpdate the Pagination Termination Condition for AWS Security Hub connector.\r\n\r\nCurrent condition for pagination termination contains `[[else]][[.last_response.terminate_pagination]][[end]]` which results in error logs when pagination is completed.\r\n\r\nRemoving this `else` condition will not result in error logs.\r\n\r\n\r\n\r\n## Checklist\r\n\r\n- [x] I have reviewed [tips for building integrations](https://github.com/elastic/integrations/blob/main/docs/tips_for_building_integrations.md) and this pull request is aligned with them.\r\n- [x] I have verified that all data streams collect metrics or logs.\r\n- [x] I have added an entry to my package's `changelog.yml` file.\r\n- [x] I have verified that Kibana version constraints are current according to [guidelines](https://github.com/elastic/elastic-package/blob/master/docs/howto/stack_version_support.md#when-to-update-the-condition).\r\n\r\n\r\n\r\n## How to test this PR locally\r\n- Clone integrations repo.\r\n- Install elastic package locally.\r\n- Start elastic stack using elastic-package.\r\n- Move to integrations/packages/aws directory.\r\n- Run the following command to run tests. 
\r\n> elastic-package test \r\n\r\n\r\n## Related issues\r\n\r\n\r\n- Relates https://github.com/elastic/integrations/issues/4527\r\n\r\n## Screenshots\r\n![image](https://user-images.githubusercontent.com/89848047/203526900-06519c95-3de5-4f88-a65d-555d03d7f9a1.png)\r\n![image](https://user-images.githubusercontent.com/89848047/203527000-b050f059-03c6-4ead-a88e-9f2e42efb537.png)\r\n![image](https://user-images.githubusercontent.com/89848047/203527123-ea1f8513-8371-4d06-8a17-b71c0dae7a5a.png)\r\n\r\n\r\n", "comments": 4, "comments_url": "https://api.github.com/repos/elastic/integrations/issues/4703/comments", - "created_at": "2022-11-23T10:44:59Z", + "created_at": "2022-11-23T10:44:59.000Z", "draft": false, "events_url": "https://api.github.com/repos/elastic/integrations/issues/4703/events", "html_url": "https://github.com/elastic/integrations/pull/4703", @@ -428,8 +429,7 @@ "login": "elastic" }, "url": "https://api.github.com/repos/elastic/integrations" - }, - "state": "open" + } }, "related": { "user": [ diff --git a/packages/github/data_stream/issues/elasticsearch/ingest_pipeline/default.yml b/packages/github/data_stream/issues/elasticsearch/ingest_pipeline/default.yml index 261344c71b87..ed8b360078be 100644 --- a/packages/github/data_stream/issues/elasticsearch/ingest_pipeline/default.yml +++ b/packages/github/data_stream/issues/elasticsearch/ingest_pipeline/default.yml @@ -4,12 +4,6 @@ processors: - set: field: ecs.version value: '8.11.0' - - set: - field: event.action - value: "event" - - set: - field: event.kind - value: "event" - rename: field: message target_field: event.original 
@@ -21,19 +15,41 @@ processors: - fail: if: "!(ctx.github.issues instanceof Map)" message: Missing JSON object - - fingerprint: - if: ctx.github.issues.url != null - fields: - - github.issues.url - target_field: "_id" + - remove: + field: + - event.kind ignore_missing: true + description: Fields defined as constant_keyword are removed from _source for storage efficiency. + - append: + field: event.type + value: creation + if: ctx.github?.issues?.created_at == ctx.github?.issues?.updated_at + - append: + field: event.type + value: deletion + if: ctx.github?.issues?.closed_at != null || ctx.github?.issues?.pull_request?.merged_at != null + - append: + field: event.type + value: change + if: ctx.github?.issues?.created_at != ctx.github?.issues?.updated_at && ctx.github?.issues?.closed_at == null && ctx.github?.issues?.pull_request?.merged_at == null + - date: + field: github.issues.updated_at + formats: + - ISO8601 + timezone: UTC + target_field: github.issues.updated_at + if: ctx.github.issues.updated_at != null - date: field: github.issues.created_at formats: - ISO8601 timezone: UTC - target_field: "@timestamp" + target_field: github.issues.created_at if: ctx.github.issues.created_at != null + - set: + field: '@timestamp' + copy_from: github.issues.updated_at + ignore_empty_value: true - set: field: event.created copy_from: "@timestamp" @@ -45,13 +61,6 @@ processors: if: ctx.github.issues.pull_request != null field: github.issues.is_pr value: true - - date: - field: github.issues.updated_at - formats: - - ISO8601 - timezone: UTC - target_field: github.issues.updated_at - if: ctx.github.issues.updated_at != null - dissect: field: github.issues.url pattern: "https://api.github.com/repos/%{_temp_.owner}/%{_temp_.repository}/issues/%{_temp_.number}" 
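Review bot: The `creation` condition in the first added `append` compares `created_at` and `updated_at` with `==` only, so an issue object that carries neither timestamp also satisfies it and is tagged `event.type: creation`. The `date` processors later in this hunk guard against a null value, so the pipeline already treats that case as possible. A null check closes the gap: `if: ctx.github?.issues?.created_at != null && ctx.github?.issues?.created_at == ctx.github?.issues?.updated_at`. Separately, closed issues and merged pull requests are tagged `deletion`, which reads as a removed object to anyone filtering on `event.type`; a `description:` on that `append`, like the one on the `remove` processor, would tell rule authors what is meant. The `processors` list starts and continues outside this hunk.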
@@ -72,16 +81,22 @@ processors: field: github.repository.owner.login value: "{{{_temp_.owner}}}" if: ctx._temp_?.owner != null - - set: - field: github.state - value: "{{{github.issues.state}}}" - if: ctx.github.issues.state != null - foreach: field: github.issues.assignees ignore_missing: true processor: remove: field: ["_ingest._value.node_id", "_ingest._value.avatar_url", "_ingest._value.gravatar_id", "_ingest._value.followers_url", "_ingest._value.following_url", "_ingest._value.gists_url", "_ingest._value.starred_url", "_ingest._value.subscriptions_url", "_ingest._value.organizations_url", "_ingest._value.repos_url", "_ingest._value.events_url", "_ingest._value.received_events_url"] + - fingerprint: + fields: + - github.repository.owner.login + - github.repository.name + - github.issues.url + - github.issues.created_at + - github.issues.updated_at + - github.issues.closed_at + target_field: "_id" + ignore_missing: true - remove: field: - github.issues.user.node_id @@ -198,11 +213,6 @@ processors: - _temp_ - github.issues.repository ignore_missing: true - - remove: - field: - - github.issues.state - if: ctx.tags?.contains('preserve_duplicate_custom_fields') != true - ignore_missing: true - remove: field: event.original if: ctx.tags?.contains('preserve_original_event') != true diff --git a/packages/github/data_stream/issues/fields/agent.yml b/packages/github/data_stream/issues/fields/agent.yml index bc42d0a853bc..3a1b4c228964 100644 --- a/packages/github/data_stream/issues/fields/agent.yml +++ b/packages/github/data_stream/issues/fields/agent.yml 
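Review bot: The relocated `fingerprint` processor no longer carries the `if: ctx.github.issues.url != null` guard that the removed version had in the `-21,19` hunk, and with `ignore_missing: true` it hashes whichever of the six listed fields are present. Unless an earlier processor rejects such records, two issue objects that lack a URL but share timestamps would get the same `_id`, and one would silently overwrite the other at index time. Restoring the guard as `if: ctx.github?.issues?.url != null` keeps the `_id` tied to an identifiable issue. A `description:` saying why `updated_at` and `closed_at` are part of the hash (presumably so each revision of an issue becomes its own document) would record the intent. The `processors` list starts and ends outside this hunk.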
@@ -6,18 +6,18 @@ fields: - name: containerized type: boolean - description: > - If the host is a container. - + description: If the host is a container. - name: os.build type: keyword example: "18D109" - description: > - OS build information. - + description: OS build information. - name: os.codename type: keyword example: "stretch" - description: > - OS codename, if any. - + description: OS codename, if any. +- name: input.type + type: keyword + description: Input Type. +- name: log.offset + type: long + description: Log Offset. diff --git a/packages/github/data_stream/issues/fields/base-fields.yml b/packages/github/data_stream/issues/fields/base-fields.yml index 889874304bfd..7defa882da69 100644 --- a/packages/github/data_stream/issues/fields/base-fields.yml +++ b/packages/github/data_stream/issues/fields/base-fields.yml @@ -1,23 +1,16 @@ - name: data_stream.type - type: constant_keyword - description: Data stream type. + external: ecs - name: data_stream.dataset - type: constant_keyword - description: Data stream dataset name. + external: ecs - name: data_stream.namespace - type: constant_keyword - description: Data stream namespace. + external: ecs - name: event.module type: constant_keyword - description: Event module value: github + external: ecs - name: event.dataset type: constant_keyword - description: Event dataset value: github.issues -- name: "@timestamp" - type: date - description: Event timestamp. -- name: input.type - type: keyword - description: Type of Filebeat input. + external: ecs +- name: '@timestamp' + external: ecs diff --git a/packages/github/data_stream/issues/fields/ecs.yml b/packages/github/data_stream/issues/fields/ecs.yml new file mode 100644 index 000000000000..81f5d8e883f8 --- /dev/null +++ b/packages/github/data_stream/issues/fields/ecs.yml @@ -0,0 +1,4 @@ +# Define ECS constant fields as constant_keyword +- name: event.kind + type: constant_keyword + value: event 
diff --git a/packages/github/data_stream/issues/fields/fields.yml b/packages/github/data_stream/issues/fields/fields.yml index 8c6a62d80550..0fee38e6d1ff 100644 --- a/packages/github/data_stream/issues/fields/fields.yml +++ b/packages/github/data_stream/issues/fields/fields.yml @@ -6,20 +6,16 @@ fields: - name: id type: integer - description: >- - The id of github issue + description: The id of GitHub issue. - name: node_id type: keyword - description: >- - The node_id of github issue + description: The node_id of GitHub issue. - name: url type: keyword - description: >- - The url of github issue + description: The url of GitHub issue. - name: repository_url type: keyword - description: >- - The repository containing the github issue + description: The repository containing the GitHub issue. - name: labels_url type: keyword - name: comments_url @@ -38,9 +34,7 @@ type: text - name: user type: group - description: > - Information of user who created the issue - + description: Information of user who created the issue. fields: - name: name type: keyword @@ -60,9 +54,7 @@ type: boolean - name: assignee type: group - description: > - Information of user who was assigned the issue - + description: Information of user who was assigned the issue. fields: - name: name type: keyword @@ -82,14 +74,10 @@ type: boolean - name: assignees type: flattened - description: > - Information of users who were assigned the issue - + description: Information of users who were assigned the issue. - name: labels type: group - description: > - Information of labels assigned to the issue - + description: Information of labels assigned to the issue. fields: - name: name type: keyword @@ -107,9 +95,7 @@ type: integer - name: pull_request type: group - description: > - Pull request - + description: Pull request fields: - name: url type: keyword 
@@ -121,21 +107,16 @@ type: keyword - name: closed_at type: date - description: >- - The time that the issue was closed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ` + description: The time that the issue was closed in ISO 8601 format - `YYYY-MM-DDTHH:MM:SSZ`. - name: created_at type: date - description: >- - The time that the issue was created in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ` + description: The time that the issue was created in ISO 8601 format - `YYYY-MM-DDTHH:MM:SSZ`. - name: updated_at type: date - description: >- - The time that the issue was last updated in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ` + description: The time that the issue was last updated in ISO 8601 format - `YYYY-MM-DDTHH:MM:SSZ`. - name: closed_by type: group - description: > - Information of user who closed the issue - + description: Information of user who closed the issue. fields: - name: name type: keyword @@ -168,45 +149,4 @@ format: duration unit: s metric_type: gauge - description: > - The time taken to close an issue in seconds. - - - name: state - type: keyword - description: > - State of github issue - - - name: repository - type: group - description: > - Information on the Github repository associated with the alert - - fields: - - name: name - type: keyword - description: > - The name of the repository. - - - name: html_url - type: keyword - description: > - The URL to view the repository on GitHub.com. - - - name: description - type: text - description: > - The repository description. - - - name: url - type: keyword - description: > - The URL to get more information about the repository from the GitHub API. - - - name: owner - type: group - description: > - Owner of github repository - - fields: - - name: login - type: keyword + description: The time taken to close an issue in seconds. 
diff --git a/packages/github/data_stream/issues/fields/is-transform-source-true.yml b/packages/github/data_stream/issues/fields/is-transform-source-true.yml
new file mode 100644
index 000000000000..fd4766eacd52
--- /dev/null
+++ b/packages/github/data_stream/issues/fields/is-transform-source-true.yml
@@ -0,0 +1,4 @@
+- name: labels.is_transform_source
+ type: constant_keyword
+ description: Distinguishes between documents that are a source for a transform and documents that are an output of a transform, to facilitate easier filtering.
+ value: "true"
diff --git a/packages/github/data_stream/issues/fields/package-fields.yml b/packages/github/data_stream/issues/fields/package-fields.yml
new file mode 100644
index 000000000000..0e22ea0bcab6
--- /dev/null
+++ b/packages/github/data_stream/issues/fields/package-fields.yml
@@ -0,0 +1,62 @@
+- name: github
+ type: group
+ fields:
+ - name: repository
+ type: group
+ description: Information about the GitHub repository.
+ fields:
+ - name: id
+ type: integer
+ description: A unique identifier of the repository.
+ - name: is_in_organization
+ type: boolean
+ description: Indicates if a repository is either owned by an organization, or is a private fork of an organization repository.
+ - name: name
+ type: keyword
+ description: The name of the repository.
+ - name: full_name
+ type: keyword
+ description: The full, globally unique, name of the repository.
+ - name: private
+ type: boolean
+ description: Whether the repository is private.
+ - name: html_url
+ type: keyword
+ description: The URL to view the repository on GitHub.com.
+ - name: description
+ type: text
+ description: The repository description.
+ - name: fork
+ type: boolean
+ description: Whether the repository is a fork.
+ - name: url
+ type: keyword
+ description: The URL to get more information about the repository from the GitHub API.
+ - name: owner
+ type: group
+ description: Represents an owner of the repository. Owner could be an Organization or User.
+ fields:
+ - name: name
+ type: keyword
+ description: Name of repository owner.
+ - name: email
+ type: keyword
+ description: The public email of repository owner.
+ - name: login
+ type: keyword
+ description: Login username of repository owner.
+ - name: id
+ type: integer
+ description: ID of the repository owner.
+ - name: url
+ type: keyword
+ description: The URL to get more information about the repository owner from the GitHub API.
+ - name: html_url
+ type: keyword
+ description: The HTTP URL for the repository owner.
+ - name: type
+ type: keyword
+ description: The type of the repository owner. Example - User.
+ - name: site_admin
+ type: boolean
+ description: Whether the owner is a site administrator.
diff --git a/packages/github/data_stream/issues/sample_event.json b/packages/github/data_stream/issues/sample_event.json index e922b4d30b94..336eef3352c9 100644 --- a/packages/github/data_stream/issues/sample_event.json +++ b/packages/github/data_stream/issues/sample_event.json 
@@ -1,33 +1,34 @@ { "@timestamp": "2011-04-22T13:33:48.000Z", "agent": { - "ephemeral_id": "584c482b-3ffa-4d41-8926-c8194940a361", - "id": "ad5c3ec8-3015-4cd2-a269-a2f3df062a2c", - "name": "docker-fleet-agent", + "ephemeral_id": "24244f5f-9ce8-4ce3-983d-e172bb7f9fad", + "id": "1cd88ff5-88f4-4117-b49f-204bb2d5e1c3", + "name": "elastic-agent-46814", "type": "filebeat", - "version": "8.12.0" + "version": "8.13.0" }, "data_stream": { "dataset": "github.issues", - "namespace": "ep", + "namespace": "81948", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "ad5c3ec8-3015-4cd2-a269-a2f3df062a2c", + "id": "1cd88ff5-88f4-4117-b49f-204bb2d5e1c3", "snapshot": false, - "version": "8.12.0" + "version": "8.13.0" }, "event": { - "action": "event", "agent_id_status": "verified", "created": "2011-04-22T13:33:48.000Z", "dataset": "github.issues", - "ingested": "2024-01-18T16:00:55Z", - "kind": "event", - "original": "{\"active_lock_reason\":\"too heated\",\"assignee\":{\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"gravatar_id\":\"\",\"html_url\":\"https://github.com/octocat\",\"id\":1,\"login\":\"octocat\",\"node_id\":\"MDQ6VXNlcjE=\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"site_admin\":false,\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"type\":\"User\",\"url\":\"https://api.github.com/users/octocat\"},\"assignees\":[{\"avatar_url\":\"https://github.com/images/err
or/octocat_happy.gif\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"gravatar_id\":\"\",\"html_url\":\"https://github.com/octocat\",\"id\":1,\"login\":\"octocat\",\"node_id\":\"MDQ6VXNlcjE=\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"site_admin\":false,\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"type\":\"User\",\"url\":\"https://api.github.com/users/octocat\"}],\"author_association\":\"COLLABORATOR\",\"body\":\"I'm having a problem with this.\",\"closed_at\":null,\"closed_by\":{\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"gravatar_id\":\"\",\"html_url\":\"https://github.com/octocat\",\"id\":1,\"login\":\"octocat\",\"node_id\":\"MDQ6VXNlcjE=\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"site_admin\":false,\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"type\":\"User\",\"url\":\"https://api.github.com/users/octocat\"},\"comments\":0,\"comments_url\":\"ht
tps://api.github.com/repos/octocat/Hello-World/issues/1347/comments\",\"created_at\":\"2011-04-22T13:33:48Z\",\"events_url\":\"https://api.github.com/repos/octocat/Hello-World/issues/1347/events\",\"html_url\":\"https://github.com/octocat/Hello-World/issues/1347\",\"id\":1,\"labels\":[{\"color\":\"f29513\",\"default\":true,\"description\":\"Something isn't working\",\"id\":208045946,\"name\":\"bug\",\"node_id\":\"MDU6TGFiZWwyMDgwNDU5NDY=\",\"url\":\"https://api.github.com/repos/octocat/Hello-World/labels/bug\"}],\"labels_url\":\"https://api.github.com/repos/octocat/Hello-World/issues/1347/labels{/name}\",\"locked\":true,\"milestone\":{\"closed_at\":\"2013-02-12T13:22:01Z\",\"closed_issues\":8,\"created_at\":\"2011-04-10T20:09:31Z\",\"creator\":{\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"gravatar_id\":\"\",\"html_url\":\"https://github.com/octocat\",\"id\":1,\"login\":\"octocat\",\"node_id\":\"MDQ6VXNlcjE=\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"site_admin\":false,\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"type\":\"User\",\"url\":\"https://api.github.com/users/octocat\"},\"description\":\"Tracking milestone for version 
1.0\",\"due_on\":\"2012-10-09T23:39:01Z\",\"html_url\":\"https://github.com/octocat/Hello-World/milestones/v1.0\",\"id\":1002604,\"labels_url\":\"https://api.github.com/repos/octocat/Hello-World/milestones/1/labels\",\"node_id\":\"MDk6TWlsZXN0b25lMTAwMjYwNA==\",\"number\":1,\"open_issues\":4,\"state\":\"open\",\"title\":\"v1.0\",\"updated_at\":\"2014-03-03T18:58:10Z\",\"url\":\"https://api.github.com/repos/octocat/Hello-World/milestones/1\"},\"node_id\":\"MDU6SXNzdWUx\",\"number\":1347,\"pull_request\":{\"diff_url\":\"https://github.com/octocat/Hello-World/pull/1347.diff\",\"html_url\":\"https://github.com/octocat/Hello-World/pull/1347\",\"patch_url\":\"https://github.com/octocat/Hello-World/pull/1347.patch\",\"url\":\"https://api.github.com/repos/octocat/Hello-World/pulls/1347\"},\"repository_url\":\"https://api.github.com/repos/octocat/Hello-World\",\"state\":\"open\",\"state_reason\":\"completed\",\"title\":\"Found a bug\",\"updated_at\":\"2011-04-22T13:33:48Z\",\"url\":\"https://api.github.com/repos/octocat/Hello-World/issues/1347\",\"user\":{\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"gravatar_id\":\"\",\"html_url\":\"https://github.com/octocat\",\"id\":1,\"login\":\"octocat\",\"node_id\":\"MDQ6VXNlcjE=\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"site_admin\":false,\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"type\":\"User\",\"url\":\"https://api.github.com/users/oct
ocat\"}}" + "ingested": "2024-10-30T03:19:25Z", + "original": "{\"active_lock_reason\":\"too heated\",\"assignee\":{\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"gravatar_id\":\"\",\"html_url\":\"https://github.com/octocat\",\"id\":1,\"login\":\"octocat\",\"node_id\":\"MDQ6VXNlcjE=\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"site_admin\":false,\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"type\":\"User\",\"url\":\"https://api.github.com/users/octocat\"},\"assignees\":[{\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"gravatar_id\":\"\",\"html_url\":\"https://github.com/octocat\",\"id\":1,\"login\":\"octocat\",\"node_id\":\"MDQ6VXNlcjE=\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"site_admin\":false,\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"type\":\"User\",\"url\":\"https://api.github
.com/users/octocat\"}],\"author_association\":\"COLLABORATOR\",\"body\":\"I'm having a problem with this.\",\"closed_at\":null,\"closed_by\":{\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"gravatar_id\":\"\",\"html_url\":\"https://github.com/octocat\",\"id\":1,\"login\":\"octocat\",\"node_id\":\"MDQ6VXNlcjE=\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"site_admin\":false,\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"type\":\"User\",\"url\":\"https://api.github.com/users/octocat\"},\"comments\":0,\"comments_url\":\"https://api.github.com/repos/octocat/Hello-World/issues/1347/comments\",\"created_at\":\"2011-04-22T13:33:48Z\",\"events_url\":\"https://api.github.com/repos/octocat/Hello-World/issues/1347/events\",\"html_url\":\"https://github.com/octocat/Hello-World/issues/1347\",\"id\":1,\"labels\":[{\"color\":\"f29513\",\"default\":true,\"description\":\"Something isn't 
working\",\"id\":208045946,\"name\":\"bug\",\"node_id\":\"MDU6TGFiZWwyMDgwNDU5NDY=\",\"url\":\"https://api.github.com/repos/octocat/Hello-World/labels/bug\"}],\"labels_url\":\"https://api.github.com/repos/octocat/Hello-World/issues/1347/labels{/name}\",\"locked\":true,\"milestone\":{\"closed_at\":\"2013-02-12T13:22:01Z\",\"closed_issues\":8,\"created_at\":\"2011-04-10T20:09:31Z\",\"creator\":{\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"gravatar_id\":\"\",\"html_url\":\"https://github.com/octocat\",\"id\":1,\"login\":\"octocat\",\"node_id\":\"MDQ6VXNlcjE=\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"site_admin\":false,\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"type\":\"User\",\"url\":\"https://api.github.com/users/octocat\"},\"description\":\"Tracking milestone for version 
1.0\",\"due_on\":\"2012-10-09T23:39:01Z\",\"html_url\":\"https://github.com/octocat/Hello-World/milestones/v1.0\",\"id\":1002604,\"labels_url\":\"https://api.github.com/repos/octocat/Hello-World/milestones/1/labels\",\"node_id\":\"MDk6TWlsZXN0b25lMTAwMjYwNA==\",\"number\":1,\"open_issues\":4,\"state\":\"open\",\"title\":\"v1.0\",\"updated_at\":\"2014-03-03T18:58:10Z\",\"url\":\"https://api.github.com/repos/octocat/Hello-World/milestones/1\"},\"node_id\":\"MDU6SXNzdWUx\",\"number\":1347,\"pull_request\":{\"diff_url\":\"https://github.com/octocat/Hello-World/pull/1347.diff\",\"html_url\":\"https://github.com/octocat/Hello-World/pull/1347\",\"patch_url\":\"https://github.com/octocat/Hello-World/pull/1347.patch\",\"url\":\"https://api.github.com/repos/octocat/Hello-World/pulls/1347\"},\"repository_url\":\"https://api.github.com/repos/octocat/Hello-World\",\"state\":\"open\",\"state_reason\":\"completed\",\"title\":\"Found a bug\",\"updated_at\":\"2011-04-22T13:33:48Z\",\"url\":\"https://api.github.com/repos/octocat/Hello-World/issues/1347\",\"user\":{\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"gravatar_id\":\"\",\"html_url\":\"https://github.com/octocat\",\"id\":1,\"login\":\"octocat\",\"node_id\":\"MDQ6VXNlcjE=\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"site_admin\":false,\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"type\":\"User\",\"url\":\"https://api.github.com/users/oct
ocat\"}}", + "type": [ + "creation" + ] }, "github": { "issues": { @@ -62,7 +63,7 @@ }, "comments": 0, "comments_url": "https://api.github.com/repos/octocat/Hello-World/issues/1347/comments", - "created_at": "2011-04-22T13:33:48Z", + "created_at": "2011-04-22T13:33:48.000Z", "events_url": "https://api.github.com/repos/octocat/Hello-World/issues/1347/events", "html_url": "https://github.com/octocat/Hello-World/issues/1347", "id": 1, @@ -84,6 +85,7 @@ "url": "https://api.github.com/repos/octocat/Hello-World/pulls/1347" }, "repository_url": "https://api.github.com/repos/octocat/Hello-World", + "state": "open", "state_reason": "completed", "title": "Found a bug", "updated_at": "2011-04-22T13:33:48.000Z", @@ -104,8 +106,7 @@ "login": "octocat" }, "url": "https://api.github.com/repos/octocat/Hello-World" - }, - "state": "open" + } }, "input": { "type": "httpjson" diff --git a/packages/github/data_stream/secret_scanning/_dev/test/pipeline/test-ghas-secret-scanning-json.log b/packages/github/data_stream/secret_scanning/_dev/test/pipeline/test-ghas-secret-scanning-json.log index c78c3e7dc31d..68945f5c8f2d 100644 --- a/packages/github/data_stream/secret_scanning/_dev/test/pipeline/test-ghas-secret-scanning-json.log +++ b/packages/github/data_stream/secret_scanning/_dev/test/pipeline/test-ghas-secret-scanning-json.log 
@@ -1,9 +1,9 @@ -{"number":2,"created_at":"2020-11-06T18:48:51Z","url":"https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/2","html_url":"https://github.com/owner/private-repo/security/secret-scanning/2","locations_url":"https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/2/locations","state":"resolved","resolution":"false_positive","resolved_at":"2020-11-07T02:47:13Z","resolved_by":{"login":"monalisa","id":2,"node_id":"MDQ6VXNlcjI=","avatar_url":"https://alambic.github.com/avatars/u/2?","gravatar_id":"","url":"https://api.github.com/users/monalisa","html_url":"https://github.com/monalisa","followers_url":"https://api.github.com/users/monalisa/followers","following_url":"https://api.github.com/users/monalisa/following{/other_user}","gists_url":"https://api.github.com/users/monalisa/gists{/gist_id}","starred_url":"https://api.github.com/users/monalisa/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/monalisa/subscriptions","organizations_url":"https://api.github.com/users/monalisa/orgs","repos_url":"https://api.github.com/users/monalisa/repos","events_url":"https://api.github.com/users/monalisa/events{/privacy}","received_events_url":"https://api.github.com/users/monalisa/received_events","type":"User","site_admin":true},"secret_type":"adafruit_io_key","secret_type_display_name":"Adafruit IO 
Key","secret":"aio_XXXXXXXXXXXXXXXXXXXXXXXXXXXX","push_protection_bypassed_by":{"login":"monalisa","id":2,"node_id":"MDQ6VXNlcjI=","avatar_url":"https://alambic.github.com/avatars/u/2?","gravatar_id":"","url":"https://api.github.com/users/monalisa","html_url":"https://github.com/monalisa","followers_url":"https://api.github.com/users/monalisa/followers","following_url":"https://api.github.com/users/monalisa/following{/other_user}","gists_url":"https://api.github.com/users/monalisa/gists{/gist_id}","starred_url":"https://api.github.com/users/monalisa/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/monalisa/subscriptions","organizations_url":"https://api.github.com/users/monalisa/orgs","repos_url":"https://api.github.com/users/monalisa/repos","events_url":"https://api.github.com/users/monalisa/events{/privacy}","received_events_url":"https://api.github.com/users/monalisa/received_events","type":"User","site_admin":true},"push_protection_bypassed":true,"push_protection_bypassed_at":"2020-11-06T21:48:51Z"} 
+{"number":2,"created_at":"2020-11-06T18:48:51Z","url":"https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/2","html_url":"https://github.com/owner/private-repo/security/secret-scanning/2","locations_url":"https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/2/locations","state":"resolved","resolution":"false_positive","resolved_at":"2020-11-07T02:47:13Z","resolved_by":{"login":"monalisa","id":2,"node_id":"MDQ6VXNlcjI=","avatar_url":"https://alambic.github.com/avatars/u/2?","gravatar_id":"","url":"https://api.github.com/users/monalisa","html_url":"https://github.com/monalisa","followers_url":"https://api.github.com/users/monalisa/followers","following_url":"https://api.github.com/users/monalisa/following{/other_user}","gists_url":"https://api.github.com/users/monalisa/gists{/gist_id}","starred_url":"https://api.github.com/users/monalisa/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/monalisa/subscriptions","organizations_url":"https://api.github.com/users/monalisa/orgs","repos_url":"https://api.github.com/users/monalisa/repos","events_url":"https://api.github.com/users/monalisa/events{/privacy}","received_events_url":"https://api.github.com/users/monalisa/received_events","type":"User","site_admin":true},"secret_type":"adafruit_io_key","secret_type_display_name":"Adafruit IO 
Key","secret":"aXXXXXXXXXXXXXXXXXXXXXXXXXXXX","push_protection_bypassed_by":{"login":"monalisa","id":2,"node_id":"MDQ6VXNlcjI=","avatar_url":"https://alambic.github.com/avatars/u/2?","gravatar_id":"","url":"https://api.github.com/users/monalisa","html_url":"https://github.com/monalisa","followers_url":"https://api.github.com/users/monalisa/followers","following_url":"https://api.github.com/users/monalisa/following{/other_user}","gists_url":"https://api.github.com/users/monalisa/gists{/gist_id}","starred_url":"https://api.github.com/users/monalisa/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/monalisa/subscriptions","organizations_url":"https://api.github.com/users/monalisa/orgs","repos_url":"https://api.github.com/users/monalisa/repos","events_url":"https://api.github.com/users/monalisa/events{/privacy}","received_events_url":"https://api.github.com/users/monalisa/received_events","type":"User","site_admin":true},"push_protection_bypassed":true,"push_protection_bypassed_at":"2020-11-06T21:48:51Z"} {"number":1,"created_at":"2020-11-06T18:18:30Z","url":"https://api.github.com/repos/owner/repo/secret-scanning/alerts/1","html_url":"https://github.com/owner/repo/security/secret-scanning/1","locations_url":"https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/1/locations","state":"open","resolution":null,"resolved_at":null,"resolved_by":null,"secret_type":"mailchimp_api_key","secret_type_display_name":"Mailchimp API Key","secret":"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-us2","push_protection_bypassed_by":null,"push_protection_bypassed":false,"push_protection_bypassed_at":null } 
-{"number":7,"created_at":"2022-07-07T12:56:24Z","updated_at":"2022-07-07T12:56:24Z","url":"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/7","html_url":"https://github.com/kcreddy-org/dummy-pub-repo/security/secret-scanning/7","locations_url":"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/7/locations","state":"open","secret_type":"npm_access_token","secret_type_display_name":"npm Access Token","secret":"npm_A7WfAVLMKkzhcGGxyCH8kQiKgTJhtU1DsGCG","resolution":null,"resolved_by":null,"resolved_at":null,"push_protection_bypassed":true,"push_protection_bypassed_by":{"login":"kcreddy","id":11301409,"node_id":"MDQ6VXNlcjExMzAxNDA5","avatar_url":"https://avatars.githubusercontent.com/u/11301409?v=4","gravatar_id":"","url":"https://api.github.com/users/kcreddy","html_url":"https://github.com/kcreddy","followers_url":"https://api.github.com/users/kcreddy/followers","following_url":"https://api.github.com/users/kcreddy/following{/other_user}","gists_url":"https://api.github.com/users/kcreddy/gists{/gist_id}","starred_url":"https://api.github.com/users/kcreddy/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/kcreddy/subscriptions","organizations_url":"https://api.github.com/users/kcreddy/orgs","repos_url":"https://api.github.com/users/kcreddy/repos","events_url":"https://api.github.com/users/kcreddy/events{/privacy}","received_events_url":"https://api.github.com/users/kcreddy/received_events","type":"User","site_admin":false},"push_protection_bypassed_at":"2022-07-07T12:55:53Z" } 
-{"number":6,"created_at":"2022-07-07T12:54:02Z","updated_at":"2022-07-07T12:54:02Z","url":"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/6","html_url":"https://github.com/kcreddy-org/dummy-pub-repo/security/secret-scanning/6","locations_url":"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/6/locations","state":"open","secret_type":"atlassian_api_token","secret_type_display_name":"Atlassian API Token","secret":"DobuHe3ygkLnhf0efFG05A81","resolution":null,"resolved_by":null,"resolved_at":null,"push_protection_bypassed":false,"push_protection_bypassed_by":null,"push_protection_bypassed_at":null } -{"number":5,"created_at":"2022-07-07T12:48:57Z","updated_at":"2022-07-07T12:48:57Z","url":"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/5","html_url":"https://github.com/kcreddy-org/dummy-pub-repo/security/secret-scanning/5","locations_url":"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/5/locations","state":"open","secret_type":"atlassian_api_token","secret_type_display_name":"Atlassian API Token","secret":"SlHw1Z8v4PaQHIudLweh178G","resolution":null,"resolved_by":null,"resolved_at":null,"push_protection_bypassed":false,"push_protection_bypassed_by":null,"push_protection_bypassed_at":null } -{"number":4,"created_at":"2022-07-07T10:52:40Z","updated_at":"2022-07-07T10:52:40Z","url":"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/4","html_url":"https://github.com/kcreddy-org/dummy-pub-repo/security/secret-scanning/4","locations_url":"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/4/locations","state":"open","secret_type":"atlassian_api_token","secret_type_display_name":"Atlassian API Token","secret":"W7PwnhKGwHMzwc3nHukPDAG6","resolution":null,"resolved_by":null,"resolved_at":null,"push_protection_bypassed":false,"push_protection_bypassed_by":null,"push_protection_bypassed_at":null } 
+{"number":7,"created_at":"2022-07-07T12:56:24Z","updated_at":"2022-07-07T12:56:24Z","url":"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/7","html_url":"https://github.com/kcreddy-org/dummy-pub-repo/security/secret-scanning/7","locations_url":"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/7/locations","state":"open","secret_type":"npm_access_token","secret_type_display_name":"npm Access Token","secret":"ndasdjkasndlmaslxDSALDQUY12sl","resolution":null,"resolved_by":null,"resolved_at":null,"push_protection_bypassed":true,"push_protection_bypassed_by":{"login":"kcreddy","id":11301409,"node_id":"MDQ6VXNlcjExMzAxNDA5","avatar_url":"https://avatars.githubusercontent.com/u/11301409?v=4","gravatar_id":"","url":"https://api.github.com/users/kcreddy","html_url":"https://github.com/kcreddy","followers_url":"https://api.github.com/users/kcreddy/followers","following_url":"https://api.github.com/users/kcreddy/following{/other_user}","gists_url":"https://api.github.com/users/kcreddy/gists{/gist_id}","starred_url":"https://api.github.com/users/kcreddy/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/kcreddy/subscriptions","organizations_url":"https://api.github.com/users/kcreddy/orgs","repos_url":"https://api.github.com/users/kcreddy/repos","events_url":"https://api.github.com/users/kcreddy/events{/privacy}","received_events_url":"https://api.github.com/users/kcreddy/received_events","type":"User","site_admin":false},"push_protection_bypassed_at":"2022-07-07T12:55:53Z" } 
+{"number":6,"created_at":"2022-07-07T12:54:02Z","updated_at":"2022-07-07T12:54:02Z","url":"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/6","html_url":"https://github.com/kcreddy-org/dummy-pub-repo/security/secret-scanning/6","locations_url":"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/6/locations","state":"open","secret_type":"atlassian_api_token","secret_type_display_name":"Atlassian API Token","secret":"ndasdjkasndlmaslxDSALDQUY11212","resolution":null,"resolved_by":null,"resolved_at":null,"push_protection_bypassed":false,"push_protection_bypassed_by":null,"push_protection_bypassed_at":null } +{"number":5,"created_at":"2022-07-07T12:48:57Z","updated_at":"2022-07-07T12:48:57Z","url":"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/5","html_url":"https://github.com/kcreddy-org/dummy-pub-repo/security/secret-scanning/5","locations_url":"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/5/locations","state":"open","secret_type":"atlassian_api_token","secret_type_display_name":"Atlassian API Token","secret":"ndasdjkasndlmaslxDSALDQUY1121RDSD","resolution":null,"resolved_by":null,"resolved_at":null,"push_protection_bypassed":false,"push_protection_bypassed_by":null,"push_protection_bypassed_at":null } +{"number":4,"created_at":"2022-07-07T10:52:40Z","updated_at":"2022-07-07T10:52:40Z","url":"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/4","html_url":"https://github.com/kcreddy-org/dummy-pub-repo/security/secret-scanning/4","locations_url":"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/4/locations","state":"open","secret_type":"atlassian_api_token","secret_type_display_name":"Atlassian API 
Token","secret":"qw131xqd23e123c23423132DSDAD","resolution":null,"resolved_by":null,"resolved_at":null,"push_protection_bypassed":false,"push_protection_bypassed_by":null,"push_protection_bypassed_at":null } {"number":3,"created_at":"2022-07-07T10:52:40Z","updated_at":"2022-07-07T10:52:40Z","url":"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/3","html_url":"https://github.com/kcreddy-org/dummy-pub-repo/security/secret-scanning/3","locations_url":"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/3/locations","state":"resolved","secret_type":"custom_pattern_2","secret_type_display_name":"custom_pattern_2","secret":"FAHf9g","resolution":"wont_fix","resolved_by":{"login":"kcreddy","id":11301409,"node_id":"MDQ6VXNlcjExMzAxNDA5","avatar_url":"https://avatars.githubusercontent.com/u/11301409?v=4","gravatar_id":"","url":"https://api.github.com/users/kcreddy","html_url":"https://github.com/kcreddy","followers_url":"https://api.github.com/users/kcreddy/followers","following_url":"https://api.github.com/users/kcreddy/following{/other_user}","gists_url":"https://api.github.com/users/kcreddy/gists{/gist_id}","starred_url":"https://api.github.com/users/kcreddy/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/kcreddy/subscriptions","organizations_url":"https://api.github.com/users/kcreddy/orgs","repos_url":"https://api.github.com/users/kcreddy/repos","events_url":"https://api.github.com/users/kcreddy/events{/privacy}","received_events_url":"https://api.github.com/users/kcreddy/received_events","type":"User","site_admin":false},"resolved_at":"2022-07-07T12:45:43Z","push_protection_bypassed":false,"push_protection_bypassed_by":null,"push_protection_bypassed_at":null } 
{"number":2,"created_at":"2022-07-07T09:47:47Z","updated_at":"2022-07-07T09:47:51Z","url":"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/2","html_url":"https://github.com/kcreddy-org/dummy-pub-repo/security/secret-scanning/2","locations_url":"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/2/locations","state":"open","secret_type":"custom_pattern_1","secret_type_display_name":"custom_pattern_1","secret":"custom_54fH8","resolution":null,"resolved_by":null,"resolved_at":null,"push_protection_bypassed":false,"push_protection_bypassed_by":null,"push_protection_bypassed_at":null } -{"number":1,"created_at":"2022-07-07T09:23:23Z","updated_at":"2022-07-07T09:23:23Z","url":"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/1","html_url":"https://github.com/kcreddy-org/dummy-pub-repo/security/secret-scanning/1","locations_url":"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/1/locations","state":"resolved","secret_type":"npm_access_token","secret_type_display_name":"npm Access 
Token","secret":"npm_2aZQ3QzGXlPbEgMMduZS1k0M1C0wNu3oqNbk","resolution":"revoked","resolved_by":{"login":"kcreddy","id":11301409,"node_id":"MDQ6VXNlcjExMzAxNDA5","avatar_url":"https://avatars.githubusercontent.com/u/11301409?v=4","gravatar_id":"","url":"https://api.github.com/users/kcreddy","html_url":"https://github.com/kcreddy","followers_url":"https://api.github.com/users/kcreddy/followers","following_url":"https://api.github.com/users/kcreddy/following{/other_user}","gists_url":"https://api.github.com/users/kcreddy/gists{/gist_id}","starred_url":"https://api.github.com/users/kcreddy/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/kcreddy/subscriptions","organizations_url":"https://api.github.com/users/kcreddy/orgs","repos_url":"https://api.github.com/users/kcreddy/repos","events_url":"https://api.github.com/users/kcreddy/events{/privacy}","received_events_url":"https://api.github.com/users/kcreddy/received_events","type":"User","site_admin":false},"resolved_at":"2022-07-07T10:13:56Z","push_protection_bypassed":false,"push_protection_bypassed_by":null,"push_protection_bypassed_at":null } \ No newline at end of file +{"number":1,"created_at":"2022-07-07T09:23:23Z","updated_at":"2022-07-07T09:23:23Z","url":"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/1","html_url":"https://github.com/kcreddy-org/dummy-pub-repo/security/secret-scanning/1","locations_url":"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/1/locations","state":"resolved","secret_type":"npm_access_token","secret_type_display_name":"npm Access 
Token","secret":"E123124CEWDSdsfsdfad3413","resolution":"revoked","resolved_by":{"login":"kcreddy","id":11301409,"node_id":"MDQ6VXNlcjExMzAxNDA5","avatar_url":"https://avatars.githubusercontent.com/u/11301409?v=4","gravatar_id":"","url":"https://api.github.com/users/kcreddy","html_url":"https://github.com/kcreddy","followers_url":"https://api.github.com/users/kcreddy/followers","following_url":"https://api.github.com/users/kcreddy/following{/other_user}","gists_url":"https://api.github.com/users/kcreddy/gists{/gist_id}","starred_url":"https://api.github.com/users/kcreddy/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/kcreddy/subscriptions","organizations_url":"https://api.github.com/users/kcreddy/orgs","repos_url":"https://api.github.com/users/kcreddy/repos","events_url":"https://api.github.com/users/kcreddy/events{/privacy}","received_events_url":"https://api.github.com/users/kcreddy/received_events","type":"User","site_admin":false},"resolved_at":"2022-07-07T10:13:56Z","push_protection_bypassed":false,"push_protection_bypassed_by":null,"push_protection_bypassed_at":null } \ No newline at end of file diff --git a/packages/github/data_stream/secret_scanning/_dev/test/pipeline/test-ghas-secret-scanning-json.log-expected.json b/packages/github/data_stream/secret_scanning/_dev/test/pipeline/test-ghas-secret-scanning-json.log-expected.json index 7811b109a3dd..4ccb77ea25f6 100644 --- a/packages/github/data_stream/secret_scanning/_dev/test/pipeline/test-ghas-secret-scanning-json.log-expected.json +++ b/packages/github/data_stream/secret_scanning/_dev/test/pipeline/test-ghas-secret-scanning-json.log-expected.json 
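Review bot: Overwriting the `secret` values on the rows for alerts 7, 6, 5, 4 and 1 of `kcreddy-org/dummy-pub-repo` does not remove the earlier strings from the repository history, and several of them had the shape of real npm and Atlassian tokens on alerts whose `state` was still `open`. If any of them was ever a live credential it should be revoked at the issuer, because this edit does not invalidate it. The replacements are also ad hoc strings of varying length, and the first row went from `aio_XXXX…` to `aXXXX…`. One obviously fake placeholder per secret type, in the style of the untouched Mailchimp row (all `X` plus a suffix), would show reviewers and secret scanners at a glance that nothing real is stored here. The file still ends without a trailing newline on the new side.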
@@ -6,9 +6,11 @@ "version": "8.11.0" }, "event": { - "action": "secret_scanning", "created": "2020-11-06T18:48:51Z", - "original": "{\"number\":2,\"created_at\":\"2020-11-06T18:48:51Z\",\"url\":\"https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/2\",\"html_url\":\"https://github.com/owner/private-repo/security/secret-scanning/2\",\"locations_url\":\"https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/2/locations\",\"state\":\"resolved\",\"resolution\":\"false_positive\",\"resolved_at\":\"2020-11-07T02:47:13Z\",\"resolved_by\":{\"login\":\"monalisa\",\"id\":2,\"node_id\":\"MDQ6VXNlcjI=\",\"avatar_url\":\"https://alambic.github.com/avatars/u/2?\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/monalisa\",\"html_url\":\"https://github.com/monalisa\",\"followers_url\":\"https://api.github.com/users/monalisa/followers\",\"following_url\":\"https://api.github.com/users/monalisa/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/monalisa/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/monalisa/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/monalisa/subscriptions\",\"organizations_url\":\"https://api.github.com/users/monalisa/orgs\",\"repos_url\":\"https://api.github.com/users/monalisa/repos\",\"events_url\":\"https://api.github.com/users/monalisa/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/monalisa/received_events\",\"type\":\"User\",\"site_admin\":true},\"secret_type\":\"adafruit_io_key\",\"secret_type_display_name\":\"Adafruit IO 
Key\",\"secret\":\"aio_XXXXXXXXXXXXXXXXXXXXXXXXXXXX\",\"push_protection_bypassed_by\":{\"login\":\"monalisa\",\"id\":2,\"node_id\":\"MDQ6VXNlcjI=\",\"avatar_url\":\"https://alambic.github.com/avatars/u/2?\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/monalisa\",\"html_url\":\"https://github.com/monalisa\",\"followers_url\":\"https://api.github.com/users/monalisa/followers\",\"following_url\":\"https://api.github.com/users/monalisa/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/monalisa/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/monalisa/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/monalisa/subscriptions\",\"organizations_url\":\"https://api.github.com/users/monalisa/orgs\",\"repos_url\":\"https://api.github.com/users/monalisa/repos\",\"events_url\":\"https://api.github.com/users/monalisa/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/monalisa/received_events\",\"type\":\"User\",\"site_admin\":true},\"push_protection_bypassed\":true,\"push_protection_bypassed_at\":\"2020-11-06T21:48:51Z\"}" + "original": 
"{\"number\":2,\"created_at\":\"2020-11-06T18:48:51Z\",\"url\":\"https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/2\",\"html_url\":\"https://github.com/owner/private-repo/security/secret-scanning/2\",\"locations_url\":\"https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/2/locations\",\"state\":\"resolved\",\"resolution\":\"false_positive\",\"resolved_at\":\"2020-11-07T02:47:13Z\",\"resolved_by\":{\"login\":\"monalisa\",\"id\":2,\"node_id\":\"MDQ6VXNlcjI=\",\"avatar_url\":\"https://alambic.github.com/avatars/u/2?\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/monalisa\",\"html_url\":\"https://github.com/monalisa\",\"followers_url\":\"https://api.github.com/users/monalisa/followers\",\"following_url\":\"https://api.github.com/users/monalisa/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/monalisa/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/monalisa/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/monalisa/subscriptions\",\"organizations_url\":\"https://api.github.com/users/monalisa/orgs\",\"repos_url\":\"https://api.github.com/users/monalisa/repos\",\"events_url\":\"https://api.github.com/users/monalisa/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/monalisa/received_events\",\"type\":\"User\",\"site_admin\":true},\"secret_type\":\"adafruit_io_key\",\"secret_type_display_name\":\"Adafruit IO 
Key\",\"secret\":\"aXXXXXXXXXXXXXXXXXXXXXXXXXXXX\",\"push_protection_bypassed_by\":{\"login\":\"monalisa\",\"id\":2,\"node_id\":\"MDQ6VXNlcjI=\",\"avatar_url\":\"https://alambic.github.com/avatars/u/2?\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/monalisa\",\"html_url\":\"https://github.com/monalisa\",\"followers_url\":\"https://api.github.com/users/monalisa/followers\",\"following_url\":\"https://api.github.com/users/monalisa/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/monalisa/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/monalisa/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/monalisa/subscriptions\",\"organizations_url\":\"https://api.github.com/users/monalisa/orgs\",\"repos_url\":\"https://api.github.com/users/monalisa/repos\",\"events_url\":\"https://api.github.com/users/monalisa/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/monalisa/received_events\",\"type\":\"User\",\"site_admin\":true},\"push_protection_bypassed\":true,\"push_protection_bypassed_at\":\"2020-11-06T21:48:51Z\"}", + "type": [ + "deletion" + ] }, "github": { "repository": { @@ -46,7 +48,7 @@ "type": "User", "url": "https://api.github.com/users/monalisa" }, - "secret": "aio_XXXXXXXXXXXXXXXXXXXXXXXXXXXX", + "secret": "aXXXXXXXXXXXXXXXXXXXXXXXXXXXX", "secret_type": "adafruit_io_key", "secret_type_display_name": "Adafruit IO Key", "state": "resolved", @@ -54,9 +56,7 @@ "sec": 28702 }, "url": "https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/2" - }, - "severity": "undefined", - "state": "resolved" + } }, "tags": [ "preserve_original_event" 
@@ -68,9 +68,11 @@ "version": "8.11.0" }, "event": { - "action": "secret_scanning", "created": "2020-11-06T18:18:30Z", - "original": "{\"number\":1,\"created_at\":\"2020-11-06T18:18:30Z\",\"url\":\"https://api.github.com/repos/owner/repo/secret-scanning/alerts/1\",\"html_url\":\"https://github.com/owner/repo/security/secret-scanning/1\",\"locations_url\":\"https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/1/locations\",\"state\":\"open\",\"resolution\":null,\"resolved_at\":null,\"resolved_by\":null,\"secret_type\":\"mailchimp_api_key\",\"secret_type_display_name\":\"Mailchimp API Key\",\"secret\":\"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-us2\",\"push_protection_bypassed_by\":null,\"push_protection_bypassed\":false,\"push_protection_bypassed_at\":null }" + "original": "{\"number\":1,\"created_at\":\"2020-11-06T18:18:30Z\",\"url\":\"https://api.github.com/repos/owner/repo/secret-scanning/alerts/1\",\"html_url\":\"https://github.com/owner/repo/security/secret-scanning/1\",\"locations_url\":\"https://api.github.com/repos/owner/private-repo/secret-scanning/alerts/1/locations\",\"state\":\"open\",\"resolution\":null,\"resolved_at\":null,\"resolved_by\":null,\"secret_type\":\"mailchimp_api_key\",\"secret_type_display_name\":\"Mailchimp API Key\",\"secret\":\"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-us2\",\"push_protection_bypassed_by\":null,\"push_protection_bypassed\":false,\"push_protection_bypassed_at\":null }", + "type": [ + "creation" + ] }, "github": { "repository": { @@ -92,9 +94,7 @@ "secret_type_display_name": "Mailchimp API Key", "state": "open", "url": "https://api.github.com/repos/owner/repo/secret-scanning/alerts/1" - }, - "severity": "undefined", - "state": "open" + } }, "tags": [ "preserve_original_event" 
@@ -106,9 +106,11 @@ "version": "8.11.0" }, "event": { - "action": "secret_scanning", "created": "2022-07-07T12:56:24Z", - "original": "{\"number\":7,\"created_at\":\"2022-07-07T12:56:24Z\",\"updated_at\":\"2022-07-07T12:56:24Z\",\"url\":\"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/7\",\"html_url\":\"https://github.com/kcreddy-org/dummy-pub-repo/security/secret-scanning/7\",\"locations_url\":\"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/7/locations\",\"state\":\"open\",\"secret_type\":\"npm_access_token\",\"secret_type_display_name\":\"npm Access Token\",\"secret\":\"npm_A7WfAVLMKkzhcGGxyCH8kQiKgTJhtU1DsGCG\",\"resolution\":null,\"resolved_by\":null,\"resolved_at\":null,\"push_protection_bypassed\":true,\"push_protection_bypassed_by\":{\"login\":\"kcreddy\",\"id\":11301409,\"node_id\":\"MDQ6VXNlcjExMzAxNDA5\",\"avatar_url\":\"https://avatars.githubusercontent.com/u/11301409?v=4\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/kcreddy\",\"html_url\":\"https://github.com/kcreddy\",\"followers_url\":\"https://api.github.com/users/kcreddy/followers\",\"following_url\":\"https://api.github.com/users/kcreddy/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/kcreddy/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/kcreddy/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/kcreddy/subscriptions\",\"organizations_url\":\"https://api.github.com/users/kcreddy/orgs\",\"repos_url\":\"https://api.github.com/users/kcreddy/repos\",\"events_url\":\"https://api.github.com/users/kcreddy/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/kcreddy/received_events\",\"type\":\"User\",\"site_admin\":false},\"push_protection_bypassed_at\":\"2022-07-07T12:55:53Z\" }" + "original": 
"{\"number\":7,\"created_at\":\"2022-07-07T12:56:24Z\",\"updated_at\":\"2022-07-07T12:56:24Z\",\"url\":\"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/7\",\"html_url\":\"https://github.com/kcreddy-org/dummy-pub-repo/security/secret-scanning/7\",\"locations_url\":\"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/7/locations\",\"state\":\"open\",\"secret_type\":\"npm_access_token\",\"secret_type_display_name\":\"npm Access Token\",\"secret\":\"ndasdjkasndlmaslxDSALDQUY12sl\",\"resolution\":null,\"resolved_by\":null,\"resolved_at\":null,\"push_protection_bypassed\":true,\"push_protection_bypassed_by\":{\"login\":\"kcreddy\",\"id\":11301409,\"node_id\":\"MDQ6VXNlcjExMzAxNDA5\",\"avatar_url\":\"https://avatars.githubusercontent.com/u/11301409?v=4\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/kcreddy\",\"html_url\":\"https://github.com/kcreddy\",\"followers_url\":\"https://api.github.com/users/kcreddy/followers\",\"following_url\":\"https://api.github.com/users/kcreddy/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/kcreddy/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/kcreddy/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/kcreddy/subscriptions\",\"organizations_url\":\"https://api.github.com/users/kcreddy/orgs\",\"repos_url\":\"https://api.github.com/users/kcreddy/repos\",\"events_url\":\"https://api.github.com/users/kcreddy/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/kcreddy/received_events\",\"type\":\"User\",\"site_admin\":false},\"push_protection_bypassed_at\":\"2022-07-07T12:55:53Z\" }", + "type": [ + "creation" + ] }, "github": { "repository": { 
@@ -135,15 +137,13 @@ "type": "User", "url": "https://api.github.com/users/kcreddy" }, - "secret": "npm_A7WfAVLMKkzhcGGxyCH8kQiKgTJhtU1DsGCG", + "secret": "ndasdjkasndlmaslxDSALDQUY12sl", "secret_type": "npm_access_token", "secret_type_display_name": "npm Access Token", "state": "open", "updated_at": "2022-07-07T12:56:24Z", "url": "https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/7" - }, - "severity": "undefined", - "state": "open" + } }, "tags": [ "preserve_original_event" 
@@ -155,9 +155,11 @@ "version": "8.11.0" }, "event": { - "action": "secret_scanning", "created": "2022-07-07T12:54:02Z", - "original": "{\"number\":6,\"created_at\":\"2022-07-07T12:54:02Z\",\"updated_at\":\"2022-07-07T12:54:02Z\",\"url\":\"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/6\",\"html_url\":\"https://github.com/kcreddy-org/dummy-pub-repo/security/secret-scanning/6\",\"locations_url\":\"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/6/locations\",\"state\":\"open\",\"secret_type\":\"atlassian_api_token\",\"secret_type_display_name\":\"Atlassian API Token\",\"secret\":\"DobuHe3ygkLnhf0efFG05A81\",\"resolution\":null,\"resolved_by\":null,\"resolved_at\":null,\"push_protection_bypassed\":false,\"push_protection_bypassed_by\":null,\"push_protection_bypassed_at\":null }" + "original": "{\"number\":6,\"created_at\":\"2022-07-07T12:54:02Z\",\"updated_at\":\"2022-07-07T12:54:02Z\",\"url\":\"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/6\",\"html_url\":\"https://github.com/kcreddy-org/dummy-pub-repo/security/secret-scanning/6\",\"locations_url\":\"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/6/locations\",\"state\":\"open\",\"secret_type\":\"atlassian_api_token\",\"secret_type_display_name\":\"Atlassian API Token\",\"secret\":\"ndasdjkasndlmaslxDSALDQUY11212\",\"resolution\":null,\"resolved_by\":null,\"resolved_at\":null,\"push_protection_bypassed\":false,\"push_protection_bypassed_by\":null,\"push_protection_bypassed_at\":null }", + "type": [ + "creation" + ] }, "github": { "repository": { 
@@ -174,15 +176,13 @@ "locations_url": "https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/6/locations", "number": 6, "push_protection_bypassed": false, - "secret": "DobuHe3ygkLnhf0efFG05A81", + "secret": "ndasdjkasndlmaslxDSALDQUY11212", "secret_type": "atlassian_api_token", "secret_type_display_name": "Atlassian API Token", "state": "open", "updated_at": "2022-07-07T12:54:02Z", "url": "https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/6" - }, - "severity": "undefined", - "state": "open" + } }, "tags": [ "preserve_original_event" 
@@ -194,9 +194,11 @@ "version": "8.11.0" }, "event": { - "action": "secret_scanning", "created": "2022-07-07T12:48:57Z", - "original": "{\"number\":5,\"created_at\":\"2022-07-07T12:48:57Z\",\"updated_at\":\"2022-07-07T12:48:57Z\",\"url\":\"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/5\",\"html_url\":\"https://github.com/kcreddy-org/dummy-pub-repo/security/secret-scanning/5\",\"locations_url\":\"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/5/locations\",\"state\":\"open\",\"secret_type\":\"atlassian_api_token\",\"secret_type_display_name\":\"Atlassian API Token\",\"secret\":\"SlHw1Z8v4PaQHIudLweh178G\",\"resolution\":null,\"resolved_by\":null,\"resolved_at\":null,\"push_protection_bypassed\":false,\"push_protection_bypassed_by\":null,\"push_protection_bypassed_at\":null }" + "original": "{\"number\":5,\"created_at\":\"2022-07-07T12:48:57Z\",\"updated_at\":\"2022-07-07T12:48:57Z\",\"url\":\"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/5\",\"html_url\":\"https://github.com/kcreddy-org/dummy-pub-repo/security/secret-scanning/5\",\"locations_url\":\"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/5/locations\",\"state\":\"open\",\"secret_type\":\"atlassian_api_token\",\"secret_type_display_name\":\"Atlassian API Token\",\"secret\":\"ndasdjkasndlmaslxDSALDQUY1121RDSD\",\"resolution\":null,\"resolved_by\":null,\"resolved_at\":null,\"push_protection_bypassed\":false,\"push_protection_bypassed_by\":null,\"push_protection_bypassed_at\":null }", + "type": [ + "creation" + ] }, "github": { "repository": { 
@@ -213,15 +215,13 @@ "locations_url": "https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/5/locations", "number": 5, "push_protection_bypassed": false, - "secret": "SlHw1Z8v4PaQHIudLweh178G", + "secret": "ndasdjkasndlmaslxDSALDQUY1121RDSD", "secret_type": "atlassian_api_token", "secret_type_display_name": "Atlassian API Token", "state": "open", "updated_at": "2022-07-07T12:48:57Z", "url": "https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/5" - }, - "severity": "undefined", - "state": "open" + } }, "tags": [ "preserve_original_event" 
@@ -233,9 +233,11 @@ "version": "8.11.0" }, "event": { - "action": "secret_scanning", "created": "2022-07-07T10:52:40Z", - "original": "{\"number\":4,\"created_at\":\"2022-07-07T10:52:40Z\",\"updated_at\":\"2022-07-07T10:52:40Z\",\"url\":\"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/4\",\"html_url\":\"https://github.com/kcreddy-org/dummy-pub-repo/security/secret-scanning/4\",\"locations_url\":\"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/4/locations\",\"state\":\"open\",\"secret_type\":\"atlassian_api_token\",\"secret_type_display_name\":\"Atlassian API Token\",\"secret\":\"W7PwnhKGwHMzwc3nHukPDAG6\",\"resolution\":null,\"resolved_by\":null,\"resolved_at\":null,\"push_protection_bypassed\":false,\"push_protection_bypassed_by\":null,\"push_protection_bypassed_at\":null }" + "original": "{\"number\":4,\"created_at\":\"2022-07-07T10:52:40Z\",\"updated_at\":\"2022-07-07T10:52:40Z\",\"url\":\"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/4\",\"html_url\":\"https://github.com/kcreddy-org/dummy-pub-repo/security/secret-scanning/4\",\"locations_url\":\"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/4/locations\",\"state\":\"open\",\"secret_type\":\"atlassian_api_token\",\"secret_type_display_name\":\"Atlassian API Token\",\"secret\":\"qw131xqd23e123c23423132DSDAD\",\"resolution\":null,\"resolved_by\":null,\"resolved_at\":null,\"push_protection_bypassed\":false,\"push_protection_bypassed_by\":null,\"push_protection_bypassed_at\":null }", + "type": [ + "creation" + ] }, "github": { "repository": { 
@@ -252,15 +254,13 @@ "locations_url": "https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/4/locations", "number": 4, "push_protection_bypassed": false, - "secret": "W7PwnhKGwHMzwc3nHukPDAG6", + "secret": "qw131xqd23e123c23423132DSDAD", "secret_type": "atlassian_api_token", "secret_type_display_name": "Atlassian API Token", "state": "open", "updated_at": "2022-07-07T10:52:40Z", "url": "https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/4" - }, - "severity": "undefined", - "state": "open" + } }, "tags": [ "preserve_original_event" 
@@ -272,9 +272,11 @@ "version": "8.11.0" }, "event": { - "action": "secret_scanning", "created": "2022-07-07T10:52:40Z", - "original": "{\"number\":3,\"created_at\":\"2022-07-07T10:52:40Z\",\"updated_at\":\"2022-07-07T10:52:40Z\",\"url\":\"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/3\",\"html_url\":\"https://github.com/kcreddy-org/dummy-pub-repo/security/secret-scanning/3\",\"locations_url\":\"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/3/locations\",\"state\":\"resolved\",\"secret_type\":\"custom_pattern_2\",\"secret_type_display_name\":\"custom_pattern_2\",\"secret\":\"FAHf9g\",\"resolution\":\"wont_fix\",\"resolved_by\":{\"login\":\"kcreddy\",\"id\":11301409,\"node_id\":\"MDQ6VXNlcjExMzAxNDA5\",\"avatar_url\":\"https://avatars.githubusercontent.com/u/11301409?v=4\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/kcreddy\",\"html_url\":\"https://github.com/kcreddy\",\"followers_url\":\"https://api.github.com/users/kcreddy/followers\",\"following_url\":\"https://api.github.com/users/kcreddy/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/kcreddy/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/kcreddy/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/kcreddy/subscriptions\",\"organizations_url\":\"https://api.github.com/users/kcreddy/orgs\",\"repos_url\":\"https://api.github.com/users/kcreddy/repos\",\"events_url\":\"https://api.github.com/users/kcreddy/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/kcreddy/received_events\",\"type\":\"User\",\"site_admin\":false},\"resolved_at\":\"2022-07-07T12:45:43Z\",\"push_protection_bypassed\":false,\"push_protection_bypassed_by\":null,\"push_protection_bypassed_at\":null }" + "original": 
"{\"number\":3,\"created_at\":\"2022-07-07T10:52:40Z\",\"updated_at\":\"2022-07-07T10:52:40Z\",\"url\":\"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/3\",\"html_url\":\"https://github.com/kcreddy-org/dummy-pub-repo/security/secret-scanning/3\",\"locations_url\":\"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/3/locations\",\"state\":\"resolved\",\"secret_type\":\"custom_pattern_2\",\"secret_type_display_name\":\"custom_pattern_2\",\"secret\":\"FAHf9g\",\"resolution\":\"wont_fix\",\"resolved_by\":{\"login\":\"kcreddy\",\"id\":11301409,\"node_id\":\"MDQ6VXNlcjExMzAxNDA5\",\"avatar_url\":\"https://avatars.githubusercontent.com/u/11301409?v=4\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/kcreddy\",\"html_url\":\"https://github.com/kcreddy\",\"followers_url\":\"https://api.github.com/users/kcreddy/followers\",\"following_url\":\"https://api.github.com/users/kcreddy/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/kcreddy/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/kcreddy/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/kcreddy/subscriptions\",\"organizations_url\":\"https://api.github.com/users/kcreddy/orgs\",\"repos_url\":\"https://api.github.com/users/kcreddy/repos\",\"events_url\":\"https://api.github.com/users/kcreddy/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/kcreddy/received_events\",\"type\":\"User\",\"site_admin\":false},\"resolved_at\":\"2022-07-07T12:45:43Z\",\"push_protection_bypassed\":false,\"push_protection_bypassed_by\":null,\"push_protection_bypassed_at\":null }", + "type": [ + "deletion" + ] }, "github": { "repository": { @@ -311,9 +313,7 @@ }, "updated_at": "2022-07-07T10:52:40Z", "url": "https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/3" - }, - "severity": "undefined", - "state": "resolved" + } }, "tags": [ "preserve_original_event" 
@@ -325,9 +325,11 @@ "version": "8.11.0" }, "event": { - "action": "secret_scanning", "created": "2022-07-07T09:47:47Z", - "original": "{\"number\":2,\"created_at\":\"2022-07-07T09:47:47Z\",\"updated_at\":\"2022-07-07T09:47:51Z\",\"url\":\"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/2\",\"html_url\":\"https://github.com/kcreddy-org/dummy-pub-repo/security/secret-scanning/2\",\"locations_url\":\"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/2/locations\",\"state\":\"open\",\"secret_type\":\"custom_pattern_1\",\"secret_type_display_name\":\"custom_pattern_1\",\"secret\":\"custom_54fH8\",\"resolution\":null,\"resolved_by\":null,\"resolved_at\":null,\"push_protection_bypassed\":false,\"push_protection_bypassed_by\":null,\"push_protection_bypassed_at\":null }" + "original": "{\"number\":2,\"created_at\":\"2022-07-07T09:47:47Z\",\"updated_at\":\"2022-07-07T09:47:51Z\",\"url\":\"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/2\",\"html_url\":\"https://github.com/kcreddy-org/dummy-pub-repo/security/secret-scanning/2\",\"locations_url\":\"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/2/locations\",\"state\":\"open\",\"secret_type\":\"custom_pattern_1\",\"secret_type_display_name\":\"custom_pattern_1\",\"secret\":\"custom_54fH8\",\"resolution\":null,\"resolved_by\":null,\"resolved_at\":null,\"push_protection_bypassed\":false,\"push_protection_bypassed_by\":null,\"push_protection_bypassed_at\":null }", + "type": [ + "creation" + ] }, "github": { "repository": { @@ -350,9 +352,7 @@ "state": "open", "updated_at": "2022-07-07T09:47:51Z", "url": "https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/2" - }, - "severity": "undefined", - "state": "open" + } }, "tags": [ "preserve_original_event" 
@@ -364,9 +364,11 @@ "version": "8.11.0" }, "event": { - "action": "secret_scanning", "created": "2022-07-07T09:23:23Z", - "original": "{\"number\":1,\"created_at\":\"2022-07-07T09:23:23Z\",\"updated_at\":\"2022-07-07T09:23:23Z\",\"url\":\"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/1\",\"html_url\":\"https://github.com/kcreddy-org/dummy-pub-repo/security/secret-scanning/1\",\"locations_url\":\"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/1/locations\",\"state\":\"resolved\",\"secret_type\":\"npm_access_token\",\"secret_type_display_name\":\"npm Access Token\",\"secret\":\"npm_2aZQ3QzGXlPbEgMMduZS1k0M1C0wNu3oqNbk\",\"resolution\":\"revoked\",\"resolved_by\":{\"login\":\"kcreddy\",\"id\":11301409,\"node_id\":\"MDQ6VXNlcjExMzAxNDA5\",\"avatar_url\":\"https://avatars.githubusercontent.com/u/11301409?v=4\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/kcreddy\",\"html_url\":\"https://github.com/kcreddy\",\"followers_url\":\"https://api.github.com/users/kcreddy/followers\",\"following_url\":\"https://api.github.com/users/kcreddy/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/kcreddy/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/kcreddy/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/kcreddy/subscriptions\",\"organizations_url\":\"https://api.github.com/users/kcreddy/orgs\",\"repos_url\":\"https://api.github.com/users/kcreddy/repos\",\"events_url\":\"https://api.github.com/users/kcreddy/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/kcreddy/received_events\",\"type\":\"User\",\"site_admin\":false},\"resolved_at\":\"2022-07-07T10:13:56Z\",\"push_protection_bypassed\":false,\"push_protection_bypassed_by\":null,\"push_protection_bypassed_at\":null }" + "original": 
"{\"number\":1,\"created_at\":\"2022-07-07T09:23:23Z\",\"updated_at\":\"2022-07-07T09:23:23Z\",\"url\":\"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/1\",\"html_url\":\"https://github.com/kcreddy-org/dummy-pub-repo/security/secret-scanning/1\",\"locations_url\":\"https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/1/locations\",\"state\":\"resolved\",\"secret_type\":\"npm_access_token\",\"secret_type_display_name\":\"npm Access Token\",\"secret\":\"E123124CEWDSdsfsdfad3413\",\"resolution\":\"revoked\",\"resolved_by\":{\"login\":\"kcreddy\",\"id\":11301409,\"node_id\":\"MDQ6VXNlcjExMzAxNDA5\",\"avatar_url\":\"https://avatars.githubusercontent.com/u/11301409?v=4\",\"gravatar_id\":\"\",\"url\":\"https://api.github.com/users/kcreddy\",\"html_url\":\"https://github.com/kcreddy\",\"followers_url\":\"https://api.github.com/users/kcreddy/followers\",\"following_url\":\"https://api.github.com/users/kcreddy/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/kcreddy/gists{/gist_id}\",\"starred_url\":\"https://api.github.com/users/kcreddy/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/kcreddy/subscriptions\",\"organizations_url\":\"https://api.github.com/users/kcreddy/orgs\",\"repos_url\":\"https://api.github.com/users/kcreddy/repos\",\"events_url\":\"https://api.github.com/users/kcreddy/events{/privacy}\",\"received_events_url\":\"https://api.github.com/users/kcreddy/received_events\",\"type\":\"User\",\"site_admin\":false},\"resolved_at\":\"2022-07-07T10:13:56Z\",\"push_protection_bypassed\":false,\"push_protection_bypassed_by\":null,\"push_protection_bypassed_at\":null }", + "type": [ + "deletion" + ] }, "github": { "repository": { 
@@ -394,7 +396,7 @@ "type": "User", "url": "https://api.github.com/users/kcreddy" }, - "secret": "npm_2aZQ3QzGXlPbEgMMduZS1k0M1C0wNu3oqNbk", + "secret": "E123124CEWDSdsfsdfad3413", "secret_type": "npm_access_token", "secret_type_display_name": "npm Access Token", "state": "resolved", @@ -403,9 +405,7 @@ }, "updated_at": "2022-07-07T09:23:23Z", "url": "https://api.github.com/repos/kcreddy-org/dummy-pub-repo/secret-scanning/alerts/1" - }, - "severity": "undefined", - "state": "resolved" + } }, "tags": [ "preserve_original_event" diff --git a/packages/github/data_stream/secret_scanning/elasticsearch/ingest_pipeline/default.yml b/packages/github/data_stream/secret_scanning/elasticsearch/ingest_pipeline/default.yml index e7b4941bf593..c5820932f03f 100644 --- a/packages/github/data_stream/secret_scanning/elasticsearch/ingest_pipeline/default.yml +++ b/packages/github/data_stream/secret_scanning/elasticsearch/ingest_pipeline/default.yml @@ -4,9 +4,6 @@ processors: - set: field: ecs.version value: '8.11.0' - - set: - field: event.action - value: "secret_scanning" - rename: field: message target_field: event.original @@ -18,6 +15,19 @@ processors: - fail: if: "!(ctx.github.secret_scanning instanceof Map)" message: Missing JSON object + - remove: + field: + - event.kind + ignore_missing: true + description: Fields defined as constant_keyword are removed from _source for storage efficiency. + - append: + field: event.type + value: creation + if: ctx.github?.secret_scanning?.resolved_at == null + - append: + field: event.type + value: deletion + if: ctx.github?.secret_scanning?.resolved_at != null - fingerprint: fields: - github.secret_scanning.number 
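Review bot: The two new `append` processors in the `@@ -18,6 +15,19 @@` hunk of `default.yml` derive `event.type` from `resolved_at` alone, so every resolved alert is labelled `deletion`, including the `false_positive` and `wont_fix` resolutions in the test fixtures, where the alert was dismissed rather than the secret removed. An analyst filtering on `event.type: deletion` to find remediated credentials would also pick up those dismissed alerts. I would either narrow the condition to the resolutions that mean removal or say so on the processor, e.g. `description: Any resolved alert maps to deletion, whatever github.secret_scanning.resolution says.` The expected output also shows `event` carrying only `created`, `original` and `type`, so `event.type` has no `event.category` beside it now that `event.action` is gone; ECS treats type as a sub-bucket of category, so consider setting one. The processor list continues outside this hunk, so a category may be set elsewhere, although the fixtures suggest it is not.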
@@ -180,14 +190,6 @@ processors: - lowercase: field: github.secret_scanning.state ignore_missing: true - - set: - field: github.state - value: "{{{github.secret_scanning.state}}}" - if: ctx.github.secret_scanning.state != null - - set: - field: github.severity - value: "undefined" - if: ctx.github.severity == null - rename: target_field: _temp.push_protection_bypassed_by field: github.secret_scanning.push_protection_bypassed_by diff --git a/packages/github/data_stream/secret_scanning/fields/agent.yml b/packages/github/data_stream/secret_scanning/fields/agent.yml index bc42d0a853bc..3a1b4c228964 100644 --- a/packages/github/data_stream/secret_scanning/fields/agent.yml +++ b/packages/github/data_stream/secret_scanning/fields/agent.yml @@ -6,18 +6,18 @@ fields: - name: containerized type: boolean - description: > - If the host is a container. - + description: If the host is a container. - name: os.build type: keyword example: "18D109" - description: > - OS build information. - + description: OS build information. - name: os.codename type: keyword example: "stretch" - description: > - OS codename, if any. - + description: OS codename, if any. +- name: input.type + type: keyword + description: Input Type. +- name: log.offset + type: long + description: Log Offset. diff --git a/packages/github/data_stream/secret_scanning/fields/base-fields.yml b/packages/github/data_stream/secret_scanning/fields/base-fields.yml index ca89c7f202bb..58381c04252c 100644 --- a/packages/github/data_stream/secret_scanning/fields/base-fields.yml +++ b/packages/github/data_stream/secret_scanning/fields/base-fields.yml 
@@ -1,23 +1,16 @@ - name: data_stream.type - type: constant_keyword - description: Data stream type. + external: ecs - name: data_stream.dataset - type: constant_keyword - description: Data stream dataset name. + external: ecs - name: data_stream.namespace - type: constant_keyword - description: Data stream namespace. + external: ecs - name: event.module type: constant_keyword - description: Event module value: github + external: ecs - name: event.dataset type: constant_keyword - description: Event dataset value: github.secret_scanning -- name: "@timestamp" - type: date - description: Event timestamp. -- name: input.type - type: keyword - description: Type of Filebeat input. + external: ecs +- name: '@timestamp' + external: ecs diff --git a/packages/github/data_stream/secret_scanning/fields/ecs.yml b/packages/github/data_stream/secret_scanning/fields/ecs.yml new file mode 100644 index 000000000000..b0f81a9b1bc2 --- /dev/null +++ b/packages/github/data_stream/secret_scanning/fields/ecs.yml @@ -0,0 +1,4 @@ +# Define ECS constant fields as constant_keyword +- name: event.kind + type: constant_keyword + value: alert diff --git a/packages/github/data_stream/secret_scanning/fields/fields.yml b/packages/github/data_stream/secret_scanning/fields/fields.yml index 4f57d4d37ce8..bd83406466bc 100644 --- a/packages/github/data_stream/secret_scanning/fields/fields.yml +++ b/packages/github/data_stream/secret_scanning/fields/fields.yml 
@@ -6,46 +6,34 @@ fields: - name: number type: integer - description: >- - The security alert number + description: The security alert number. - name: created_at type: date - description: >- - The time that the alert was created in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ` + description: The time that the alert was created in ISO 8601 format - `YYYY-MM-DDTHH:MM:SSZ`. - name: updated_at type: date - description: >- - The time that the alert was last updated in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ` + description: The time that the alert was last updated in ISO 8601 format - `YYYY-MM-DDTHH:MM:SSZ`. - name: url type: keyword - description: >- - The REST API URL of the alert resource + description: The REST API URL of the alert resource - name: html_url type: keyword - description: >- - The GitHub URL of the alert resource. + description: The GitHub URL of the alert resource. - name: locations_url type: keyword - description: >- - The REST API URL of the code locations for this alert + description: The REST API URL of the code locations for this alert. - name: state type: keyword - description: "Sets the state of the secret scanning alert. \n" + description: State of the secret scanning alert. - name: resolution type: keyword - description: > - Required when the `state` is `resolved`. The reason for resolving the alert. - + description: Required when the `state` is `resolved`. The reason for resolving the alert. - name: resolved_at type: date - description: > - The time that the alert was resolved in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`. - + description: The time that the alert was resolved in ISO 8601 format - `YYYY-MM-DDTHH:MM:SSZ`. - name: resolved_by type: group - description: > - Information on user who resolved the alert - + description: Information on user who resolved the alert. fields: - name: name type: keyword 
@@ -70,34 +58,22 @@ format: duration unit: s metric_type: gauge - description: > - The time taken to either fix the secret in seconds. - + description: The time taken to either fix the secret in seconds. - name: secret_type type: keyword - description: > - The type of secret that secret scanning detected - + description: The type of secret that secret scanning detected. - name: secret_type_display_name type: keyword - description: > - User-friendly name for the detected secret, matching the `secret_type` - + description: User-friendly name for the detected secret, matching the `secret_type`. - name: secret type: keyword - description: > - The secret that was detected - + description: The secret that was detected. - name: push_protection_bypassed type: boolean - description: > - Whether push protection was bypassed for the detected secret. - + description: Whether push protection was bypassed for the detected secret. - name: push_protection_bypassed_by type: group - description: > - Information on user who bypassed push protection bypassed - + description: Information on user who bypassed push protection bypassed. fields: - name: name type: keyword 
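Review bot: The `secret` field is documented only as `The secret that was detected.`, which does not tell an operator that it holds the literal credential, indexed as a `keyword`; the sample event in this commit shows the same value also kept inside `event.original`. Anyone with read access to this data stream can read those credentials for as long as they remain valid, so the description should say so, e.g. `description: The literal secret value that was detected. Treat this field and event.original as sensitive and restrict read access to the data stream.` Two neighbouring descriptions on the new side are still garbled and could be fixed in the same pass: `The time taken to either fix the secret in seconds.` and `Information on user who bypassed push protection bypassed.` The enclosing field group starts above this hunk.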
@@ -119,44 +95,4 @@ type: boolean - name: push_protection_bypassed_at type: date - description: >- - The time that push protection was bypassed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`. - - name: state - type: keyword - description: > - State of a code scanning alert - - - name: severity - type: keyword - description: > - The severity of the secret scanning alert - - - name: repository - type: group - description: > - Information on the Github repository associated with the alert - - fields: - - name: name - type: keyword - description: > - The name of the repository. - - - name: html_url - type: keyword - description: > - The URL to view the repository on GitHub.com. - - - name: url - type: keyword - description: > - The URL to get more information about the repository from the GitHub API. - - - name: owner - type: group - description: > - Repository Owner - - fields: - - name: login - type: keyword + description: The time that push protection was bypassed in ISO 8601 format - `YYYY-MM-DDTHH:MM:SSZ`. diff --git a/packages/github/data_stream/secret_scanning/fields/is-transform-source-true.yml b/packages/github/data_stream/secret_scanning/fields/is-transform-source-true.yml new file mode 100644 index 000000000000..fd4766eacd52 --- /dev/null +++ b/packages/github/data_stream/secret_scanning/fields/is-transform-source-true.yml @@ -0,0 +1,4 @@ +- name: labels.is_transform_source + type: constant_keyword + description: Distinguishes between documents that are a source for a transform and documents that are an output of a transform, to facilitate easier filtering. + value: "true" diff --git a/packages/github/data_stream/secret_scanning/fields/package-fields.yml b/packages/github/data_stream/secret_scanning/fields/package-fields.yml new file mode 100644 index 000000000000..0e22ea0bcab6 --- /dev/null +++ b/packages/github/data_stream/secret_scanning/fields/package-fields.yml 
@@ -0,0 +1,62 @@ +- name: github + type: group + fields: + - name: repository + type: group + description: Information about the GitHub repository. + fields: + - name: id + type: integer + description: A unique identifier of the repository. + - name: is_in_organization + type: boolean + description: Indicates if a repository is either owned by an organization, or is a private fork of an organization repository. + - name: name + type: keyword + description: The name of the repository. + - name: full_name + type: keyword + description: The full, globally unique, name of the repository. + - name: private + type: boolean + description: Whether the repository is private. + - name: html_url + type: keyword + description: The URL to view the repository on GitHub.com. + - name: description + type: text + description: The repository description. + - name: fork + type: boolean + description: Whether the repository is a fork. + - name: url + type: keyword + description: The URL to get more information about the repository from the GitHub API. + - name: owner + type: group + description: Represents an owner of the repository. Owner could be an Organization or User. + fields: + - name: name + type: keyword + description: Name of repository owner. + - name: email + type: keyword + description: The public email of repository owner. + - name: login + type: keyword + description: Login username of repository owner. + - name: id + type: integer + description: ID of the repository owner. + - name: url + type: keyword + description: The URL to get more information about the repository owner from the GitHub API. + - name: html_url + type: keyword + description: The HTTP URL for the repository owner. + - name: type + type: keyword + description: The type of the repository owner. Example - User. + - name: site_admin + type: boolean + description: Whether the owner is a site administrator. 
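Review bot: `github.repository.id` and `github.repository.owner.id` are mapped as `integer`, which in Elasticsearch is a signed 32-bit type. A value above 2147483647 would be rejected at index time unless the mapping tolerates malformed values, and the alert document could be dropped with it. GitHub assigns these ids and nothing visible here bounds them, so I would use `type: long` for both to remove that failure mode.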
diff --git a/packages/github/data_stream/secret_scanning/sample_event.json b/packages/github/data_stream/secret_scanning/sample_event.json index 3c3bd9328ae1..dc60dd09b4fa 100644 --- a/packages/github/data_stream/secret_scanning/sample_event.json +++ b/packages/github/data_stream/secret_scanning/sample_event.json 
@@ -1,32 +1,34 @@ { "@timestamp": "2022-06-30T18:07:27.000Z", "agent": { - "ephemeral_id": "85b829d8-54c4-4280-960b-6ca42b7c1772", - "id": "ad5c3ec8-3015-4cd2-a269-a2f3df062a2c", - "name": "docker-fleet-agent", + "ephemeral_id": "b651a7b7-f9b4-4d2c-a268-85adcaf38b31", + "id": "a998f341-28a4-4447-91a3-2f132fd17d6e", + "name": "elastic-agent-83267", "type": "filebeat", - "version": "8.12.0" + "version": "8.13.0" }, "data_stream": { "dataset": "github.secret_scanning", - "namespace": "ep", + "namespace": "15643", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "ad5c3ec8-3015-4cd2-a269-a2f3df062a2c", + "id": "a998f341-28a4-4447-91a3-2f132fd17d6e", "snapshot": false, - "version": "8.12.0" + "version": "8.13.0" }, "event": { - "action": "secret_scanning", "agent_id_status": "verified", "created": "2022-06-30T18:07:27Z", "dataset": "github.secret_scanning", - "ingested": "2024-01-18T16:01:42Z", - "original": "{\"created_at\":\"2022-06-30T18:07:27Z\",\"html_url\":\"https://github.com/sample_owner/sample_repo/security/secret-scanning/3\",\"number\":3,\"push_protection_bypassed\":true,\"push_protection_bypassed_by\":{\"html_url\":\"https://github.com/sample_owner\",\"login\":\"sample_owner\",\"type\":\"User\",\"url\":\"https://api.github.com/users/sample_owner\"},\"resolution\":\"revoked\",\"resolved_by\":{\"login\":\"sample_owner\",\"type\":\"User\",\"url\":\"https://api.github.com/users/sample_owner\"},\"secret\":\"npm_2vYJ3QzGXoGbEgMYduYS1k2M4D0wDu2opJbl\",\"secret_type\":\"npm_access_token\",\"secret_type_display_name\":\"npm Access Token\",\"state\":\"open\",\"url\":\"https://api.github.com/repos/sample_owner/sample_repo/secret-scanning/alerts/3\"}" + "ingested": "2024-10-30T03:20:24Z", + "original": 
"{\"created_at\":\"2022-06-30T18:07:27Z\",\"html_url\":\"https://github.com/sample_owner/sample_repo/security/secret-scanning/3\",\"number\":3,\"push_protection_bypassed\":true,\"push_protection_bypassed_by\":{\"html_url\":\"https://github.com/sample_owner\",\"login\":\"sample_owner\",\"type\":\"User\",\"url\":\"https://api.github.com/users/sample_owner\"},\"resolution\":\"revoked\",\"resolved_by\":{\"login\":\"sample_owner\",\"type\":\"User\",\"url\":\"https://api.github.com/users/sample_owner\"},\"secret\":\"npm_2vYJ3QzGXoGbEgMYduYS1k2M4D0wDu2opJbl\",\"secret_type\":\"npm_access_token\",\"secret_type_display_name\":\"npm Access Token\",\"state\":\"open\",\"url\":\"https://api.github.com/repos/sample_owner/sample_repo/secret-scanning/alerts/3\"}", + "type": [ + "creation" + ] }, "github": { "repository": { @@ -59,9 +61,7 @@ "secret_type_display_name": "npm Access Token", "state": "open", "url": "https://api.github.com/repos/sample_owner/sample_repo/secret-scanning/alerts/3" - }, - "severity": "undefined", - "state": "open" + } }, "input": { "type": "httpjson" diff --git a/packages/github/docs/README.md b/packages/github/docs/README.md index 0421c811b953..1afbd9ebdb78 100644 --- a/packages/github/docs/README.md +++ b/packages/github/docs/README.md @@ -10,7 +10,7 @@ The GitHub audit log records all events related to the GitHub organization. See To use this integration, the following prerequisites must be met: - You must be an organization owner. - - You must be using Github Enterprise Cloud. + - You must be using GitHub Enterprise Cloud. - You must use a Personal Access Token with `read:audit_log` scope. *This integration is not compatible with GitHub Enterprise server.* 
@@ -114,7 +114,7 @@ An example event for `audit` looks as following: ### Code Scanning -The Code Scanning lets you retrieve all security vulnerabilities and coding errors from a repository setup using Github Advanced Security Code Scanning feature. See [About code scanning](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning) for more details. +The Code Scanning lets you retrieve all security vulnerabilities and coding errors from a repository setup using GitHub Advanced Security Code Scanning feature. See [About code scanning](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning) for more details. To use this integration, GitHub Apps must have the `security_events` read permission. Or use a personal access token with the `security_events` scope for private repos or `public_repo` scope for public repos. See [List code scanning alerts](https://docs.github.com/en/enterprise-cloud@latest/rest/code-scanning#list-code-scanning-alerts-for-a-repository) 
@@ -123,14 +123,15 @@ Or use a personal access token with the `security_events` scope for private repo | Field | Description | Type | Unit | Metric Type | |---|---|---|---|---| -| @timestamp | Event timestamp. | date | | | -| data_stream.dataset | Data stream dataset name. | constant_keyword | | | -| data_stream.namespace | Data stream namespace. | constant_keyword | | | -| data_stream.type | Data stream type. | constant_keyword | | | -| event.dataset | Event dataset | constant_keyword | | | -| event.module | Event module | constant_keyword | | | -| github.code_scanning.created_at | The time that the alert was created in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ` | date | | | -| github.code_scanning.dismissed_at | The time that the alert was dismissed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`. | date | | | +| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | | | +| data_stream.dataset | The field can contain anything that makes sense to signify the source of the data. Examples include `nginx.access`, `prometheus`, `endpoint` etc. For data streams that otherwise fit, but that do not have dataset set we use the value "generic" for the dataset value. `event.dataset` should have the same value as `data_stream.dataset`. Beyond the Elasticsearch data stream naming criteria noted above, the `dataset` value has additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | | | +| data_stream.namespace | A user defined namespace. Namespaces are useful to allow grouping of data. Many users already organize their indices this way, and the data stream naming scheme now provides this best practice as a default. 
Many users will populate this field with `default`. If no value is used, it falls back to `default`. Beyond the Elasticsearch index naming criteria noted above, `namespace` value has the additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | | | +| data_stream.type | An overarching type for the data stream. Currently allowed values are "logs" and "metrics". We expect to also add "traces" and "synthetics" in the near future. | constant_keyword | | | +| event.dataset | Name of the dataset. If an event source publishes more than one type of log or events (e.g. access log, error log), the dataset is used to specify which one the event comes from. It's recommended but not required to start the dataset name with the module name, followed by a dot, then the dataset name. | constant_keyword | | | +| event.kind | | constant_keyword | | | +| event.module | Name of the module this data is coming from. If your monitoring agent supports the concept of modules or plugins to process events of a given source (e.g. Apache logs), `event.module` should contain the name of this module. | constant_keyword | | | +| github.code_scanning.created_at | The time that the alert was created in ISO 8601 format - `YYYY-MM-DDTHH:MM:SSZ`. | date | | | +| github.code_scanning.dismissed_at | The time that the alert was dismissed in ISO 8601 format - `YYYY-MM-DDTHH:MM:SSZ`. | date | | | | github.code_scanning.dismissed_by.email | | keyword | | | | github.code_scanning.dismissed_by.html_url | | keyword | | | | github.code_scanning.dismissed_by.id | | integer | | | 
@@ -141,13 +142,13 @@ Or use a personal access token with the `security_events` scope for private repo | github.code_scanning.dismissed_by.url | | keyword | | | | github.code_scanning.dismissed_comment | The dismissal comment associated with the dismissal of the alert. | keyword | | | | github.code_scanning.dismissed_reason | The reason for dismissing or closing the alert. | keyword | | | -| github.code_scanning.fixed_at | The time that the alert was no longer detected and was considered fixed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ` | date | | | +| github.code_scanning.fixed_at | The time that the alert was no longer detected and was considered fixed in ISO 8601 format - `YYYY-MM-DDTHH:MM:SSZ`. | date | | | | github.code_scanning.html_url | The GitHub URL of the alert resource. | keyword | | | -| github.code_scanning.instances_url | The REST API URL for fetching the list of instances for an alert | keyword | | | +| github.code_scanning.instances_url | The REST API URL for fetching the list of instances for an alert. | keyword | | | | github.code_scanning.most_recent_instance.analysis_key | Identifies the configuration under which the analysis was executed. For example, in GitHub Actions this includes the workflow filename and job name. | keyword | | | | github.code_scanning.most_recent_instance.category | Identifies the configuration under which the analysis was executed. Used to distinguish between multiple analyses for the same tool and commit, but performed on different languages or different parts of the code. | keyword | | | | github.code_scanning.most_recent_instance.classifications | Classifications that have been applied to the file that triggered the alert.\nFor example identifying it as documentation, or a generated file. | keyword | | | -| github.code_scanning.most_recent_instance.commit_sha | Github commit sha | keyword | | | +| github.code_scanning.most_recent_instance.commit_sha | GitHub commit sha. 
| keyword | | | | github.code_scanning.most_recent_instance.environment | Identifies the variable values associated with the environment in which the analysis that generated this alert instance was performed, such as the language that was analyzed. | keyword | | | | github.code_scanning.most_recent_instance.html_url | | keyword | | | | github.code_scanning.most_recent_instance.location.end_column | | integer | | | 
@@ -157,38 +158,41 @@ Or use a personal access token with the `security_events` scope for private repo | github.code_scanning.most_recent_instance.location.start_line | | integer | | | | github.code_scanning.most_recent_instance.ref | The full Git reference, formatted as `refs/heads/\`,\n`refs/pull/\/merge`, or `refs/pull/\/head`. | keyword | | | | github.code_scanning.most_recent_instance.state | State of a code scanning alert. | keyword | | | -| github.code_scanning.number | The security alert number | integer | | | +| github.code_scanning.number | The security alert number. | integer | | | | github.code_scanning.rule.full_description | Description of the rule used to detect the alert. | text | | | -| github.code_scanning.rule.help | Detailed documentation for the rule as GitHub Flavored Markdown | text | | | -| github.code_scanning.rule.security_severity_level | The security severity of the alert | keyword | | | -| github.code_scanning.rule.severity | The severity of the alert | keyword | | | -| github.code_scanning.state | State of a code scanning alert | keyword | | | +| github.code_scanning.rule.help | Detailed documentation for the rule as GitHub Flavored Markdown. | text | | | +| github.code_scanning.rule.security_severity_level | The security severity of the alert. | keyword | | | +| github.code_scanning.rule.severity | The severity of the alert. | keyword | | | +| github.code_scanning.state | State of a code scanning alert. | keyword | | | | github.code_scanning.time_to_resolution.sec | The time taken to either dismiss or fix the alert in seconds. | long | s | gauge | | github.code_scanning.tool.guid | The GUID of the tool used to generate the code scanning analysis, if provided in the uploaded SARIF data. | keyword | | | | github.code_scanning.tool.name | The name of the tool used to generate the code scanning analysis. | keyword | | | | github.code_scanning.tool.version | The version of the tool used to generate the code scanning analysis. 
| keyword | | | -| github.code_scanning.updated_at | The time that the alert was last updated in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ` | date | | | -| github.code_scanning.url | The REST API URL of the alert resource | keyword | | | +| github.code_scanning.updated_at | The time that the alert was last updated in ISO 8601 format - `YYYY-MM-DDTHH:MM:SSZ`. | date | | | +| github.code_scanning.url | The REST API URL of the alert resource. | keyword | | | | github.repository.description | The repository description. | text | | | -| github.repository.fork | Whether the repository is a fork | boolean | | | +| github.repository.fork | Whether the repository is a fork. | boolean | | | | github.repository.full_name | The full, globally unique, name of the repository. | keyword | | | | github.repository.html_url | The URL to view the repository on GitHub.com. | keyword | | | | github.repository.id | A unique identifier of the repository. | integer | | | +| github.repository.is_in_organization | Indicates if a repository is either owned by an organization, or is a private fork of an organization repository. | boolean | | | | github.repository.name | The name of the repository. | keyword | | | -| github.repository.owner.html_url | | keyword | | | -| github.repository.owner.id | | integer | | | -| github.repository.owner.login | | keyword | | | -| github.repository.owner.site_admin | | boolean | | | -| github.repository.owner.type | | keyword | | | -| github.repository.owner.url | | keyword | | | +| github.repository.owner.email | The public email of repository owner. | keyword | | | +| github.repository.owner.html_url | The HTTP URL for the repository owner. | keyword | | | +| github.repository.owner.id | ID of the repository owner. | integer | | | +| github.repository.owner.login | Login username of repository owner. | keyword | | | +| github.repository.owner.name | Name of repository owner. 
| keyword | | | +| github.repository.owner.site_admin | Whether the owner is a site administrator. | boolean | | | +| github.repository.owner.type | The type of the repository owner. Example - User. | keyword | | | +| github.repository.owner.url | The URL to get more information about the repository owner from the GitHub API. | keyword | | | | github.repository.private | Whether the repository is private. | boolean | | | | github.repository.url | The URL to get more information about the repository from the GitHub API. | keyword | | | -| github.severity | The security severity of the alert | keyword | | | -| github.state | State of a code scanning alert | keyword | | | | host.containerized | If the host is a container. | boolean | | | | host.os.build | OS build information. | keyword | | | | host.os.codename | OS codename, if any. | keyword | | | -| input.type | Type of Filebeat input. | keyword | | | +| input.type | Input Type. | keyword | | | +| labels.is_transform_source | Distinguishes between documents that are a source for a transform and documents that are an output of a transform, to facilitate easier filtering. | constant_keyword | | | +| log.offset | Log Offset. | long | | | An example event for `code_scanning` looks as following: 
@@ -197,33 +201,34 @@ An example event for `code_scanning` looks as following: { "@timestamp": "2022-06-29T18:03:27.000Z", "agent": { - "ephemeral_id": "b359acfc-81ff-4631-8a85-05f9627d12e4", - "id": "ad5c3ec8-3015-4cd2-a269-a2f3df062a2c", - "name": "docker-fleet-agent", + "ephemeral_id": "6ff86bf4-40bb-48d0-a0c3-7620a07cc706", + "id": "2b4faf01-5ea6-4888-8ea5-db817b2b8915", + "name": "elastic-agent-67340", "type": "filebeat", - "version": "8.12.0" + "version": "8.13.0" }, "data_stream": { "dataset": "github.code_scanning", - "namespace": "ep", + "namespace": "68459", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "ad5c3ec8-3015-4cd2-a269-a2f3df062a2c", + "id": "2b4faf01-5ea6-4888-8ea5-db817b2b8915", "snapshot": false, - "version": "8.12.0" + "version": "8.13.0" }, "event": { - "action": "code_scanning", "agent_id_status": "verified", "created": "2022-06-29T18:03:27.000Z", "dataset": "github.code_scanning", - "ingested": "2024-01-18T15:59:07Z", - "kind": "alert", - "original": "{\"created_at\":\"2022-06-29T18:03:27Z\",\"html_url\":\"https://github.com/sample_owner/sample_repo/security/code-scanning/91\",\"most_recent_instance\":{\"analysis_key\":\".github/workflows/codeql-analysis.yml:analyze\",\"category\":\".github/workflows/codeql-analysis.yml:analyze/language:javascript\",\"classifications\":[],\"commit_sha\":\"3244e8b15cc1b8f2732eecd69fc1890b737f0dda\",\"location\":{\"end_column\":50,\"end_line\":67,\"path\":\"routes/chatbot.ts\",\"start_column\":23,\"start_line\":67},\"message\":{\"text\":\"(Experimental) This may be a database query that depends on a user-provided value. Identified using machine learning.(Experimental) This may be a database query that depends on a user-provided value. 
Identified using machine learning.\"},\"ref\":\"refs/heads/master\",\"state\":\"open\"},\"number\":90,\"rule\":{\"description\":\"SQL database query built from user-controlled sources (experimental)\",\"id\":\"js/ml-powered/sql-injection\",\"security_severity_level\":\"high\",\"severity\":\"error\",\"tags\":[\"experimental\",\"external/cwe/cwe-089\",\"security\"]},\"state\":\"open\",\"tool\":{\"name\":\"CodeQL\",\"version\":\"2.9.4\"},\"updated_at\":\"2022-06-29T18:03:27Z\",\"url\":\"https://api.github.com/repos/sample_owner/sample_repo/code-scanning/alerts/91\"}" + "ingested": "2024-10-30T03:17:27Z", + "original": "{\"created_at\":\"2022-06-29T18:03:27Z\",\"html_url\":\"https://github.com/sample_owner/sample_repo/security/code-scanning/91\",\"most_recent_instance\":{\"analysis_key\":\".github/workflows/codeql-analysis.yml:analyze\",\"category\":\".github/workflows/codeql-analysis.yml:analyze/language:javascript\",\"classifications\":[],\"commit_sha\":\"3244e8b15cc1b8f2732eecd69fc1890b737f0dda\",\"location\":{\"end_column\":50,\"end_line\":67,\"path\":\"routes/chatbot.ts\",\"start_column\":23,\"start_line\":67},\"message\":{\"text\":\"(Experimental) This may be a database query that depends on a user-provided value. Identified using machine learning.(Experimental) This may be a database query that depends on a user-provided value. Identified using machine learning.\"},\"ref\":\"refs/heads/master\",\"state\":\"open\"},\"number\":90,\"rule\":{\"description\":\"SQL database query built from user-controlled sources (experimental)\",\"id\":\"js/ml-powered/sql-injection\",\"security_severity_level\":\"high\",\"severity\":\"error\",\"tags\":[\"experimental\",\"external/cwe/cwe-089\",\"security\"]},\"state\":\"open\",\"tool\":{\"name\":\"CodeQL\",\"version\":\"2.9.4\"},\"updated_at\":\"2022-06-29T18:03:27Z\",\"url\":\"https://api.github.com/repos/sample_owner/sample_repo/code-scanning/alerts/91\"}", + "type": [ + "creation" + ] }, "github": { "code_scanning": { 
@@ -263,9 +268,7 @@ An example event for `code_scanning` looks as following: "login": "sample_owner" }, "url": "https://api.github.com/repos/sample_owner/sample_repo" - }, - "severity": "high", - "state": "open" + } }, "input": { "type": "httpjson" @@ -289,7 +292,7 @@ An example event for `code_scanning` looks as following: ### Secret Scanning -The Github Secret Scanning lets you retrieve secret scanning for advanced security alerts from a repository setup using Github Advanced Security Secret Scanning feature. See [About Secret scanning](https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/about-secret-scanning) for more details. +The GitHub Secret Scanning lets you retrieve secret scanning for advanced security alerts from a repository setup using GitHub Advanced Security Secret Scanning feature. See [About Secret scanning](https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/about-secret-scanning) for more details. To use this integration, GitHub Apps must have the `secret_scanning_alerts` read permission. Or you must be an administrator for the repository or for the organization that owns the repository, and you must use a personal access token with the `repo` scope or `security_events` scope. For public repositories, you may instead use the `public_repo` scope. See [List secret scanning alerts](https://docs.github.com/en/enterprise-cloud@latest/rest/secret-scanning#list-secret-scanning-alerts-for-a-repository) 
@@ -298,22 +301,36 @@ Or you must be an administrator for the repository or for the organization that | Field | Description | Type | Unit | Metric Type | |---|---|---|---|---| -| @timestamp | Event timestamp. | date | | | -| data_stream.dataset | Data stream dataset name. | constant_keyword | | | -| data_stream.namespace | Data stream namespace. | constant_keyword | | | -| data_stream.type | Data stream type. | constant_keyword | | | -| event.dataset | Event dataset | constant_keyword | | | -| event.module | Event module | constant_keyword | | | +| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | | | +| data_stream.dataset | The field can contain anything that makes sense to signify the source of the data. Examples include `nginx.access`, `prometheus`, `endpoint` etc. For data streams that otherwise fit, but that do not have dataset set we use the value "generic" for the dataset value. `event.dataset` should have the same value as `data_stream.dataset`. Beyond the Elasticsearch data stream naming criteria noted above, the `dataset` value has additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | | | +| data_stream.namespace | A user defined namespace. Namespaces are useful to allow grouping of data. Many users already organize their indices this way, and the data stream naming scheme now provides this best practice as a default. Many users will populate this field with `default`. If no value is used, it falls back to `default`. 
Beyond the Elasticsearch index naming criteria noted above, `namespace` value has the additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | | | +| data_stream.type | An overarching type for the data stream. Currently allowed values are "logs" and "metrics". We expect to also add "traces" and "synthetics" in the near future. | constant_keyword | | | +| event.dataset | Name of the dataset. If an event source publishes more than one type of log or events (e.g. access log, error log), the dataset is used to specify which one the event comes from. It's recommended but not required to start the dataset name with the module name, followed by a dot, then the dataset name. | constant_keyword | | | +| event.kind | | constant_keyword | | | +| event.module | Name of the module this data is coming from. If your monitoring agent supports the concept of modules or plugins to process events of a given source (e.g. Apache logs), `event.module` should contain the name of this module. | constant_keyword | | | +| github.repository.description | The repository description. | text | | | +| github.repository.fork | Whether the repository is a fork. | boolean | | | +| github.repository.full_name | The full, globally unique, name of the repository. | keyword | | | | github.repository.html_url | The URL to view the repository on GitHub.com. | keyword | | | +| github.repository.id | A unique identifier of the repository. | integer | | | +| github.repository.is_in_organization | Indicates if a repository is either owned by an organization, or is a private fork of an organization repository. | boolean | | | | github.repository.name | The name of the repository. | keyword | | | -| github.repository.owner.login | | keyword | | | +| github.repository.owner.email | The public email of repository owner. | keyword | | | +| github.repository.owner.html_url | The HTTP URL for the repository owner. 
| keyword | | | +| github.repository.owner.id | ID of the repository owner. | integer | | | +| github.repository.owner.login | Login username of repository owner. | keyword | | | +| github.repository.owner.name | Name of repository owner. | keyword | | | +| github.repository.owner.site_admin | Whether the owner is a site administrator. | boolean | | | +| github.repository.owner.type | The type of the repository owner. Example - User. | keyword | | | +| github.repository.owner.url | The URL to get more information about the repository owner from the GitHub API. | keyword | | | +| github.repository.private | Whether the repository is private. | boolean | | | | github.repository.url | The URL to get more information about the repository from the GitHub API. | keyword | | | -| github.secret_scanning.created_at | The time that the alert was created in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ` | date | | | +| github.secret_scanning.created_at | The time that the alert was created in ISO 8601 format - `YYYY-MM-DDTHH:MM:SSZ`. | date | | | | github.secret_scanning.html_url | The GitHub URL of the alert resource. | keyword | | | -| github.secret_scanning.locations_url | The REST API URL of the code locations for this alert | keyword | | | -| github.secret_scanning.number | The security alert number | integer | | | +| github.secret_scanning.locations_url | The REST API URL of the code locations for this alert. | keyword | | | +| github.secret_scanning.number | The security alert number. | integer | | | | github.secret_scanning.push_protection_bypassed | Whether push protection was bypassed for the detected secret. | boolean | | | -| github.secret_scanning.push_protection_bypassed_at | The time that push protection was bypassed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`. | date | | | +| github.secret_scanning.push_protection_bypassed_at | The time that push protection was bypassed in ISO 8601 format - `YYYY-MM-DDTHH:MM:SSZ`. 
| date | | | | github.secret_scanning.push_protection_bypassed_by.email | | keyword | | | | github.secret_scanning.push_protection_bypassed_by.html_url | | keyword | | | | github.secret_scanning.push_protection_bypassed_by.id | | integer | | | @@ -324,7 +341,7 @@ Or you must be an administrator for the repository or for the organization that | github.secret_scanning.push_protection_bypassed_by.type | | keyword | | | | github.secret_scanning.push_protection_bypassed_by.url | | keyword | | | | github.secret_scanning.resolution | Required when the `state` is `resolved`. The reason for resolving the alert. | keyword | | | -| github.secret_scanning.resolved_at | The time that the alert was resolved in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`. | date | | | +| github.secret_scanning.resolved_at | The time that the alert was resolved in ISO 8601 format - `YYYY-MM-DDTHH:MM:SSZ`. | date | | | | github.secret_scanning.resolved_by.email | | keyword | | | | github.secret_scanning.resolved_by.html_url | | keyword | | | | github.secret_scanning.resolved_by.id | | integer | | | 
@@ -334,19 +351,19 @@ Or you must be an administrator for the repository or for the organization that | github.secret_scanning.resolved_by.site_admin | | boolean | | | | github.secret_scanning.resolved_by.type | | keyword | | | | github.secret_scanning.resolved_by.url | | keyword | | | -| github.secret_scanning.secret | The secret that was detected | keyword | | | -| github.secret_scanning.secret_type | The type of secret that secret scanning detected | keyword | | | -| github.secret_scanning.secret_type_display_name | User-friendly name for the detected secret, matching the `secret_type` | keyword | | | -| github.secret_scanning.state | Sets the state of the secret scanning alert. | keyword | | | +| github.secret_scanning.secret | The secret that was detected. | keyword | | | +| github.secret_scanning.secret_type | The type of secret that secret scanning detected. | keyword | | | +| github.secret_scanning.secret_type_display_name | User-friendly name for the detected secret, matching the `secret_type`. | keyword | | | +| github.secret_scanning.state | State of the secret scanning alert. | keyword | | | | github.secret_scanning.time_to_resolution.sec | The time taken to either fix the secret in seconds. | long | s | gauge | -| github.secret_scanning.updated_at | The time that the alert was last updated in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ` | date | | | +| github.secret_scanning.updated_at | The time that the alert was last updated in ISO 8601 format - `YYYY-MM-DDTHH:MM:SSZ`. | date | | | | github.secret_scanning.url | The REST API URL of the alert resource | keyword | | | -| github.severity | The severity of the secret scanning alert | keyword | | | -| github.state | State of a code scanning alert | keyword | | | | host.containerized | If the host is a container. | boolean | | | | host.os.build | OS build information. | keyword | | | | host.os.codename | OS codename, if any. | keyword | | | -| input.type | Type of Filebeat input. 
| keyword | | | +| input.type | Input Type. | keyword | | | +| labels.is_transform_source | Distinguishes between documents that are a source for a transform and documents that are an output of a transform, to facilitate easier filtering. | constant_keyword | | | +| log.offset | Log Offset. | long | | | An example event for `secret_scanning` looks as following: 
@@ -355,32 +372,34 @@ An example event for `secret_scanning` looks as following: { "@timestamp": "2022-06-30T18:07:27.000Z", "agent": { - "ephemeral_id": "85b829d8-54c4-4280-960b-6ca42b7c1772", - "id": "ad5c3ec8-3015-4cd2-a269-a2f3df062a2c", - "name": "docker-fleet-agent", + "ephemeral_id": "b651a7b7-f9b4-4d2c-a268-85adcaf38b31", + "id": "a998f341-28a4-4447-91a3-2f132fd17d6e", + "name": "elastic-agent-83267", "type": "filebeat", - "version": "8.12.0" + "version": "8.13.0" }, "data_stream": { "dataset": "github.secret_scanning", - "namespace": "ep", + "namespace": "15643", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "ad5c3ec8-3015-4cd2-a269-a2f3df062a2c", + "id": "a998f341-28a4-4447-91a3-2f132fd17d6e", "snapshot": false, - "version": "8.12.0" + "version": "8.13.0" }, "event": { - "action": "secret_scanning", "agent_id_status": "verified", "created": "2022-06-30T18:07:27Z", "dataset": "github.secret_scanning", - "ingested": "2024-01-18T16:01:42Z", - "original": "{\"created_at\":\"2022-06-30T18:07:27Z\",\"html_url\":\"https://github.com/sample_owner/sample_repo/security/secret-scanning/3\",\"number\":3,\"push_protection_bypassed\":true,\"push_protection_bypassed_by\":{\"html_url\":\"https://github.com/sample_owner\",\"login\":\"sample_owner\",\"type\":\"User\",\"url\":\"https://api.github.com/users/sample_owner\"},\"resolution\":\"revoked\",\"resolved_by\":{\"login\":\"sample_owner\",\"type\":\"User\",\"url\":\"https://api.github.com/users/sample_owner\"},\"secret\":\"npm_2vYJ3QzGXoGbEgMYduYS1k2M4D0wDu2opJbl\",\"secret_type\":\"npm_access_token\",\"secret_type_display_name\":\"npm Access Token\",\"state\":\"open\",\"url\":\"https://api.github.com/repos/sample_owner/sample_repo/secret-scanning/alerts/3\"}" + "ingested": "2024-10-30T03:20:24Z", + "original": 
"{\"created_at\":\"2022-06-30T18:07:27Z\",\"html_url\":\"https://github.com/sample_owner/sample_repo/security/secret-scanning/3\",\"number\":3,\"push_protection_bypassed\":true,\"push_protection_bypassed_by\":{\"html_url\":\"https://github.com/sample_owner\",\"login\":\"sample_owner\",\"type\":\"User\",\"url\":\"https://api.github.com/users/sample_owner\"},\"resolution\":\"revoked\",\"resolved_by\":{\"login\":\"sample_owner\",\"type\":\"User\",\"url\":\"https://api.github.com/users/sample_owner\"},\"secret\":\"npm_2vYJ3QzGXoGbEgMYduYS1k2M4D0wDu2opJbl\",\"secret_type\":\"npm_access_token\",\"secret_type_display_name\":\"npm Access Token\",\"state\":\"open\",\"url\":\"https://api.github.com/repos/sample_owner/sample_repo/secret-scanning/alerts/3\"}", + "type": [ + "creation" + ] }, "github": { "repository": { @@ -413,9 +432,7 @@ An example event for `secret_scanning` looks as following: "secret_type_display_name": "npm Access Token", "state": "open", "url": "https://api.github.com/repos/sample_owner/sample_repo/secret-scanning/alerts/3" - }, - "severity": "undefined", - "state": "open" + } }, "input": { "type": "httpjson" 
@@ -431,7 +448,7 @@ An example event for `secret_scanning` looks as following: ### Dependabot -The Github Dependabot lets you retrieve known vulnerabilites in dependencies from a repository setup using Github Advanced Security Dependabot feature. See [About Dependabot](https://docs.github.com/en/code-security/dependabot/dependabot-alerts) for more details. +The GitHub Dependabot lets you retrieve known vulnerabilites in dependencies from a repository setup using GitHub Advanced Security Dependabot feature. See [About Dependabot](https://docs.github.com/en/code-security/dependabot/dependabot-alerts) for more details. To use this integration, you must be an administrator for the repository or for the organization that owns the repository, and you must use a personal access token with the `repo` scope or `security_events` scope. For public repositories, you may instead use the `public_repo` scope. See [Authenticating with GraphQL](https://docs.github.com/en/graphql/guides/forming-calls-with-graphql#authenticating-with-graphql) and [Token Issue](https://github.com/dependabot/feedback/issues/169) 
@@ -439,17 +456,18 @@ To use this integration, you must be an administrator for the repository or for | Field | Description | Type | |---|---|---| -| @timestamp | Event timestamp. | date | -| data_stream.dataset | Data stream dataset name. | constant_keyword | -| data_stream.namespace | Data stream namespace. | constant_keyword | -| data_stream.type | Data stream type. | constant_keyword | -| event.dataset | Event dataset | constant_keyword | -| event.module | Event module | constant_keyword | -| github.dependabot.created_at | When was the alert created | date | +| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | +| data_stream.dataset | The field can contain anything that makes sense to signify the source of the data. Examples include `nginx.access`, `prometheus`, `endpoint` etc. For data streams that otherwise fit, but that do not have dataset set we use the value "generic" for the dataset value. `event.dataset` should have the same value as `data_stream.dataset`. Beyond the Elasticsearch data stream naming criteria noted above, the `dataset` value has additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | +| data_stream.namespace | A user defined namespace. Namespaces are useful to allow grouping of data. Many users already organize their indices this way, and the data stream naming scheme now provides this best practice as a default. Many users will populate this field with `default`. If no value is used, it falls back to `default`. 
Beyond the Elasticsearch index naming criteria noted above, `namespace` value has the additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | +| data_stream.type | An overarching type for the data stream. Currently allowed values are "logs" and "metrics". We expect to also add "traces" and "synthetics" in the near future. | constant_keyword | +| event.dataset | Name of the dataset. If an event source publishes more than one type of log or events (e.g. access log, error log), the dataset is used to specify which one the event comes from. It's recommended but not required to start the dataset name with the module name, followed by a dot, then the dataset name. | constant_keyword | +| event.kind | | constant_keyword | +| event.module | Name of the module this data is coming from. If your monitoring agent supports the concept of modules or plugins to process events of a given source (e.g. Apache logs), `event.module` should contain the name of this module. | constant_keyword | +| github.dependabot.created_at | When was the alert created. | date | | github.dependabot.dependabot_update.error.body | The body of the error. | text | | github.dependabot.dependabot_update.error.error_type | The error code. | keyword | | github.dependabot.dependabot_update.error.title | The title of the error. | keyword | -| github.dependabot.dependabot_update.pull_request.closed | `true` if the pull request is closed. | boolean | +| github.dependabot.dependabot_update.pull_request.closed | If the pull request is closed. | boolean | | github.dependabot.dependabot_update.pull_request.closed_at | Identifies the date and time when the pull request was closed. | date | | github.dependabot.dependabot_update.pull_request.created_at | Identifies the date and time when the pull request was created. | date | | github.dependabot.dependabot_update.pull_request.merged | Whether or not the pull request was merged. | boolean | 
@@ -459,10 +477,10 @@ To use this integration, you must be an administrator for the repository or for
 | github.dependabot.dependabot_update.pull_request.url | The HTTP URL for this pull request. | keyword |
 | github.dependabot.dependency_scope | The scope of an alert's dependency. | keyword |
 | github.dependabot.dismiss_reason | The reason the alert was dismissed. | keyword |
-| github.dependabot.dismissed_at | When was the alert dismissed | date |
+| github.dependabot.dismissed_at | When was the alert dismissed. | date |
 | github.dependabot.dismisser.login | The username of the dismisser. | keyword |
 | github.dependabot.dismisser.url | The HTTP URL for this user. | keyword |
-| github.dependabot.fixed_at | When was the alert fixed | date |
+| github.dependabot.fixed_at | When was the alert fixed. | date |
 | github.dependabot.number | Identifies the alert number. | integer |
 | github.dependabot.security_advisory.classification | The classification of the advisory. | keyword |
 | github.dependabot.security_advisory.cvss.vector_string | The CVSS vector string associated with this advisory. | keyword |
@@ -490,19 +508,29 @@ To use this integration, you must be an administrator for the repository or for | github.dependabot.vulnerable_manifest_filename | The vulnerable manifest filename. | keyword | | github.dependabot.vulnerable_manifest_path | The vulnerable manifest path. | keyword | | github.dependabot.vulnerable_requirements | The vulnerable requirements. | keyword | -| github.repository.description | The description of the repository. | text | +| github.repository.description | The repository description. | text | +| github.repository.fork | Whether the repository is a fork. | boolean | +| github.repository.full_name | The full, globally unique, name of the repository. | keyword | +| github.repository.html_url | The URL to view the repository on GitHub.com. | keyword | +| github.repository.id | A unique identifier of the repository. | integer | | github.repository.is_in_organization | Indicates if a repository is either owned by an organization, or is a private fork of an organization repository. | boolean | -| github.repository.is_private | Identifies if the repository is private or internal. | boolean | -| github.repository.name | Identifies if the repository is private or internal. | keyword | -| github.repository.owner.login | The username of the dismisser. | keyword | -| github.repository.owner.url | The HTTP URL for this user | keyword | -| github.repository.url | The HTTP URL for this repository. | keyword | -| github.severity | The severity of the advisory. | keyword | -| github.state | Identifies the state of the alert. | keyword | +| github.repository.name | The name of the repository. | keyword | +| github.repository.owner.email | The public email of repository owner. | keyword | +| github.repository.owner.html_url | The HTTP URL for the repository owner. | keyword | +| github.repository.owner.id | ID of the repository owner. | integer | +| github.repository.owner.login | Login username of repository owner. 
| keyword | +| github.repository.owner.name | Name of repository owner. | keyword | +| github.repository.owner.site_admin | Whether the owner is a site administrator. | boolean | +| github.repository.owner.type | The type of the repository owner. Example - User. | keyword | +| github.repository.owner.url | The URL to get more information about the repository owner from the GitHub API. | keyword | +| github.repository.private | Whether the repository is private. | boolean | +| github.repository.url | The URL to get more information about the repository from the GitHub API. | keyword | | host.containerized | If the host is a container. | boolean | | host.os.build | OS build information. | keyword | | host.os.codename | OS codename, if any. | keyword | -| input.type | Type of Filebeat input. | keyword | +| input.type | Input Type. | keyword | +| labels.is_transform_source | Distinguishes between documents that are a source for a transform and documents that are an output of a transform, to facilitate easier filtering. | constant_keyword | +| log.offset | Log Offset. | long | An example event for `dependabot` looks as following: 
@@ -511,34 +539,35 @@ An example event for `dependabot` looks as following: { "@timestamp": "2022-07-11T11:39:07.000Z", "agent": { - "ephemeral_id": "786d0d42-a64a-43ae-846d-03d72b473384", - "id": "ad5c3ec8-3015-4cd2-a269-a2f3df062a2c", - "name": "docker-fleet-agent", + "ephemeral_id": "e7f76da2-a5c1-461e-afff-c8d8aaab6f63", + "id": "63db2a58-1665-44a9-b23a-4dd2b0be9bd6", + "name": "elastic-agent-88319", "type": "filebeat", - "version": "8.12.0" + "version": "8.13.0" }, "data_stream": { "dataset": "github.dependabot", - "namespace": "ep", + "namespace": "20232", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "ad5c3ec8-3015-4cd2-a269-a2f3df062a2c", + "id": "63db2a58-1665-44a9-b23a-4dd2b0be9bd6", "snapshot": false, - "version": "8.12.0" + "version": "8.13.0" }, "event": { - "action": "dependabot", "agent_id_status": "verified", "created": "2022-07-11T11:39:07.000Z", "dataset": "github.dependabot", - "ingested": "2024-01-18T15:59:57Z", - "kind": "alert", + "ingested": "2024-10-30T03:18:26Z", "original": "{\"createdAt\":\"2022-07-11T11:39:07Z\",\"dependabotUpdate\":{\"error\":{\"body\":\"The currently installed version can't be determined.\\n\\nTo resolve the issue add a supported lockfile (package-lock.json or yarn.lock).\",\"errorType\":\"dependency_file_not_supported\",\"title\":\"Dependabot can't update vulnerable dependencies without a lockfile\"},\"pullRequest\":null},\"dependencyScope\":\"RUNTIME\",\"dismissReason\":null,\"dismissedAt\":null,\"dismisser\":null,\"fixedAt\":null,\"number\":1,\"repository\":{\"description\":\"OWASP Juice Shop: Probably the most modern and sophisticated insecure web 
application\",\"isInOrganization\":false,\"isPrivate\":false,\"name\":\"sample_repo\",\"owner\":{\"login\":\"sample_owner\",\"url\":\"https://github.com/sample_owner\"},\"url\":\"https://github.com/sample_owner/sample_repo\"},\"securityAdvisory\":{\"classification\":\"GENERAL\",\"cvss\":{\"score\":0,\"vectorString\":null},\"cwes\":{\"nodes\":[{\"cweId\":\"CWE-20\",\"description\":\"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.\",\"name\":\"Improper Input Validation\"}]},\"description\":\"Versions 4.2.1 and earlier of `jsonwebtoken` are affected by a verification bypass vulnerability. This is a result of weak validation of the JWT algorithm type, occuring when an attacker is allowed to arbitrarily specify the JWT algorithm.\\n\\n\\n\\n\\n## Recommendation\\n\\nUpdate to version 4.2.2 or later.\",\"ghsaId\":\"GHSA-c7hr-j4mj-j2w6\",\"identifiers\":[{\"type\":\"GHSA\",\"value\":\"GHSA-c7hr-j4mj-j2w6\"},{\"type\":\"CVE\",\"value\":\"CVE-2015-9235\"}],\"origin\":\"UNSPECIFIED\",\"permalink\":\"https://github.com/advisories/GHSA-c7hr-j4mj-j2w6\",\"publishedAt\":\"2018-10-09T00:38:30Z\",\"references\":[{\"url\":\"https://nvd.nist.gov/vuln/detail/CVE-2015-9235\"},{\"url\":\"https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687\"},{\"url\":\"https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/\"},{\"url\":\"https://github.com/advisories/GHSA-c7hr-j4mj-j2w6\"},{\"url\":\"https://www.npmjs.com/advisories/17\"},{\"url\":\"https://www.timmclean.net/2015/02/25/jwt-alg-none.html\"},{\"url\":\"https://nodesecurity.io/advisories/17\"}],\"severity\":\"CRITICAL\",\"summary\":\"Verification Bypass in 
jsonwebtoken\",\"updatedAt\":\"2021-01-08T19:00:39Z\",\"withdrawnAt\":null},\"securityVulnerability\":{\"firstPatchedVersion\":{\"identifier\":\"4.2.2\"},\"package\":{\"ecosystem\":\"NPM\",\"name\":\"jsonwebtoken\"},\"severity\":\"CRITICAL\",\"updatedAt\":\"2018-11-30T19:54:28Z\",\"vulnerableVersionRange\":\"\\u003c 4.2.2\"},\"state\":\"OPEN\",\"vulnerableManifestFilename\":\"package.json\",\"vulnerableManifestPath\":\"package.json\",\"vulnerableRequirements\":\"= 0.4.0\"}", - "start": "2022-07-11T11:39:07Z" + "start": "2022-07-11T11:39:07Z", + "type": [ + "creation" + ] }, "github": { "dependabot": { @@ -598,16 +627,14 @@ An example event for `dependabot` looks as following: "repository": { "description": "OWASP Juice Shop: Probably the most modern and sophisticated insecure web application", "is_in_organization": false, - "is_private": false, "name": "sample_repo", "owner": { "login": "sample_owner", "url": "https://github.com/sample_owner" }, + "private": false, "url": "https://github.com/sample_owner/sample_repo" - }, - "severity": "critical", - "state": "open" + } }, "input": { "type": "httpjson" 
@@ -644,22 +671,23 @@ An example event for `dependabot` looks as following: ### Issues -The Github Issues datastream lets you retrieve github issues, including pull requests, issue assignees, comments, labels, and milestones. See [About Issues](https://docs.github.com/en/rest/issues/issues?apiVersion=latest) for more details. You can retrieve issues for specific repository or for entire organization. Since Github API considers pull requests as issues, users can use `github.issues.is_pr` field to filter for only pull requests. +The GitHub Issues datastream lets you retrieve github issues, including pull requests, issue assignees, comments, labels, and milestones. See [About Issues](https://docs.github.com/en/rest/issues/issues?apiVersion=latest) for more details. You can retrieve issues for specific repository or for entire organization. Since GitHub API considers pull requests as issues, users can use `github.issues.is_pr` field to filter for only pull requests. All issues including `closed` are retrieved by default. If users want to retrieve only `open` requests, you need to change `State` parameter to `open`. -To use this integration, users must use Github Apps or Personal Access Token with `read` permission to repositories or organization. Please refer to [Github Apps Permissions Required](https://docs.github.com/en/rest/overview/permissions-required-for-github-apps?apiVersion=latest) and [Personal Access Token Permissions Required](https://docs.github.com/en/rest/overview/permissions-required-for-fine-grained-personal-access-tokens?apiVersion=latest) for more details. +To use this integration, users must use GitHub Apps or Personal Access Token with `read` permission to repositories or organization. 
Please refer to [GitHub Apps Permissions Required](https://docs.github.com/en/rest/overview/permissions-required-for-github-apps?apiVersion=latest) and [Personal Access Token Permissions Required](https://docs.github.com/en/rest/overview/permissions-required-for-fine-grained-personal-access-tokens?apiVersion=latest) for more details. **Exported fields** | Field | Description | Type | Unit | Metric Type | |---|---|---|---|---| -| @timestamp | Event timestamp. | date | | | -| data_stream.dataset | Data stream dataset name. | constant_keyword | | | -| data_stream.namespace | Data stream namespace. | constant_keyword | | | -| data_stream.type | Data stream type. | constant_keyword | | | -| event.dataset | Event dataset | constant_keyword | | | -| event.module | Event module | constant_keyword | | | +| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | | | +| data_stream.dataset | The field can contain anything that makes sense to signify the source of the data. Examples include `nginx.access`, `prometheus`, `endpoint` etc. For data streams that otherwise fit, but that do not have dataset set we use the value "generic" for the dataset value. `event.dataset` should have the same value as `data_stream.dataset`. Beyond the Elasticsearch data stream naming criteria noted above, the `dataset` value has additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | | | +| data_stream.namespace | A user defined namespace. Namespaces are useful to allow grouping of data. Many users already organize their indices this way, and the data stream naming scheme now provides this best practice as a default. Many users will populate this field with `default`. 
If no value is used, it falls back to `default`. Beyond the Elasticsearch index naming criteria noted above, `namespace` value has the additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | | | +| data_stream.type | An overarching type for the data stream. Currently allowed values are "logs" and "metrics". We expect to also add "traces" and "synthetics" in the near future. | constant_keyword | | | +| event.dataset | Name of the dataset. If an event source publishes more than one type of log or events (e.g. access log, error log), the dataset is used to specify which one the event comes from. It's recommended but not required to start the dataset name with the module name, followed by a dot, then the dataset name. | constant_keyword | | | +| event.kind | | constant_keyword | | | +| event.module | Name of the module this data is coming from. If your monitoring agent supports the concept of modules or plugins to process events of a given source (e.g. Apache logs), `event.module` should contain the name of this module. | constant_keyword | | | | github.issues.active_lock_reason | | keyword | | | | github.issues.assignee.email | | keyword | | | | github.issues.assignee.html_url | | keyword | | | 
@@ -669,10 +697,10 @@ To use this integration, users must use Github Apps or Personal Access Token wit
 | github.issues.assignee.site_admin | | boolean | | |
 | github.issues.assignee.type | | keyword | | |
 | github.issues.assignee.url | | keyword | | |
-| github.issues.assignees | Information of users who were assigned the issue | flattened | | |
+| github.issues.assignees | Information of users who were assigned the issue. | flattened | | |
 | github.issues.author_association | | keyword | | |
 | github.issues.body | | text | | |
-| github.issues.closed_at | The time that the issue was closed in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ` | date | | |
+| github.issues.closed_at | The time that the issue was closed in ISO 8601 format - `YYYY-MM-DDTHH:MM:SSZ`. | date | | |
 | github.issues.closed_by.email | | keyword | | |
 | github.issues.closed_by.html_url | | keyword | | |
 | github.issues.closed_by.id | | integer | | |
@@ -683,11 +711,11 @@ To use this integration, users must use Github Apps or Personal Access Token wit
 | github.issues.closed_by.url | | keyword | | |
 | github.issues.comments | | integer | | |
 | github.issues.comments_url | | keyword | | |
-| github.issues.created_at | The time that the issue was created in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ` | date | | |
+| github.issues.created_at | The time that the issue was created in ISO 8601 format - `YYYY-MM-DDTHH:MM:SSZ`. | date | | |
 | github.issues.draft | | boolean | | |
 | github.issues.events_url | | keyword | | |
 | github.issues.html_url | | keyword | | |
-| github.issues.id | The id of github issue | integer | | |
+| github.issues.id | The id of GitHub issue. | integer | | |
 | github.issues.is_pr | | boolean | | |
 | github.issues.labels.description | | keyword | | |
 | github.issues.labels.integration | | keyword | | |
@@ -695,20 +723,20 @@ To use this integration, users must use Github Apps or Personal Access Token wit
 | github.issues.labels.team | | keyword | | |
 | github.issues.labels_url | | keyword | | |
 | github.issues.locked | | boolean | | |
-| github.issues.node_id | The node_id of github issue | keyword | | |
+| github.issues.node_id | The node_id of GitHub issue. | keyword | | |
 | github.issues.number | | integer | | |
 | github.issues.pull_request.diff_url | | keyword | | |
 | github.issues.pull_request.html_url | | keyword | | |
 | github.issues.pull_request.patch_url | | keyword | | |
 | github.issues.pull_request.url | | keyword | | |
-| github.issues.repository_url | The repository containing the github issue | keyword | | |
+| github.issues.repository_url | The repository containing the GitHub issue. | keyword | | |
 | github.issues.state | | keyword | | |
 | github.issues.state_reason | | keyword | | |
 | github.issues.time_to_close.sec | The time taken to close an issue in seconds. | long | s | gauge |
 | github.issues.timeline_url | | keyword | | |
 | github.issues.title | | keyword | | |
-| github.issues.updated_at | The time that the issue was last updated in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ` | date | | |
-| github.issues.url | The url of github issue | keyword | | |
+| github.issues.updated_at | The time that the issue was last updated in ISO 8601 format - `YYYY-MM-DDTHH:MM:SSZ`. | date | | |
+| github.issues.url | The url of GitHub issue. | keyword | | |
 | github.issues.user.email | | keyword | | |
 | github.issues.user.html_url | | keyword | | |
 | github.issues.user.id | | integer | | |
@@ -718,15 +746,28 @@ To use this integration, users must use Github Apps or Personal Access Token wit | github.issues.user.type | | keyword | | | | github.issues.user.url | | keyword | | | | github.repository.description | The repository description. | text | | | +| github.repository.fork | Whether the repository is a fork. | boolean | | | +| github.repository.full_name | The full, globally unique, name of the repository. | keyword | | | | github.repository.html_url | The URL to view the repository on GitHub.com. | keyword | | | +| github.repository.id | A unique identifier of the repository. | integer | | | +| github.repository.is_in_organization | Indicates if a repository is either owned by an organization, or is a private fork of an organization repository. | boolean | | | | github.repository.name | The name of the repository. | keyword | | | -| github.repository.owner.login | | keyword | | | +| github.repository.owner.email | The public email of repository owner. | keyword | | | +| github.repository.owner.html_url | The HTTP URL for the repository owner. | keyword | | | +| github.repository.owner.id | ID of the repository owner. | integer | | | +| github.repository.owner.login | Login username of repository owner. | keyword | | | +| github.repository.owner.name | Name of repository owner. | keyword | | | +| github.repository.owner.site_admin | Whether the owner is a site administrator. | boolean | | | +| github.repository.owner.type | The type of the repository owner. Example - User. | keyword | | | +| github.repository.owner.url | The URL to get more information about the repository owner from the GitHub API. | keyword | | | +| github.repository.private | Whether the repository is private. | boolean | | | | github.repository.url | The URL to get more information about the repository from the GitHub API. | keyword | | | -| github.state | State of github issue | keyword | | | | host.containerized | If the host is a container. 
| boolean | | | | host.os.build | OS build information. | keyword | | | | host.os.codename | OS codename, if any. | keyword | | | -| input.type | Type of Filebeat input. | keyword | | | +| input.type | Input Type. | keyword | | | +| labels.is_transform_source | Distinguishes between documents that are a source for a transform and documents that are an output of a transform, to facilitate easier filtering. | constant_keyword | | | +| log.offset | Log Offset. | long | | | An example event for `issues` looks as following: 
@@ -735,33 +776,34 @@ An example event for `issues` looks as following: { "@timestamp": "2011-04-22T13:33:48.000Z", "agent": { - "ephemeral_id": "584c482b-3ffa-4d41-8926-c8194940a361", - "id": "ad5c3ec8-3015-4cd2-a269-a2f3df062a2c", - "name": "docker-fleet-agent", + "ephemeral_id": "24244f5f-9ce8-4ce3-983d-e172bb7f9fad", + "id": "1cd88ff5-88f4-4117-b49f-204bb2d5e1c3", + "name": "elastic-agent-46814", "type": "filebeat", - "version": "8.12.0" + "version": "8.13.0" }, "data_stream": { "dataset": "github.issues", - "namespace": "ep", + "namespace": "81948", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "ad5c3ec8-3015-4cd2-a269-a2f3df062a2c", + "id": "1cd88ff5-88f4-4117-b49f-204bb2d5e1c3", "snapshot": false, - "version": "8.12.0" + "version": "8.13.0" }, "event": { - "action": "event", "agent_id_status": "verified", "created": "2011-04-22T13:33:48.000Z", "dataset": "github.issues", - "ingested": "2024-01-18T16:00:55Z", - "kind": "event", - "original": "{\"active_lock_reason\":\"too 
heated\",\"assignee\":{\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"gravatar_id\":\"\",\"html_url\":\"https://github.com/octocat\",\"id\":1,\"login\":\"octocat\",\"node_id\":\"MDQ6VXNlcjE=\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"site_admin\":false,\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"type\":\"User\",\"url\":\"https://api.github.com/users/octocat\"},\"assignees\":[{\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"gravatar_id\":\"\",\"html_url\":\"https://github.com/octocat\",\"id\":1,\"login\":\"octocat\",\"node_id\":\"MDQ6VXNlcjE=\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"site_admin\":false,\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"type\":\"User\",\"url\":\"https://api.github.com/users/octocat\"}],\"author_association\":\"COLLABORATOR\",\"body\":\"I'm having a 
problem with this.\",\"closed_at\":null,\"closed_by\":{\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"gravatar_id\":\"\",\"html_url\":\"https://github.com/octocat\",\"id\":1,\"login\":\"octocat\",\"node_id\":\"MDQ6VXNlcjE=\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"site_admin\":false,\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"type\":\"User\",\"url\":\"https://api.github.com/users/octocat\"},\"comments\":0,\"comments_url\":\"https://api.github.com/repos/octocat/Hello-World/issues/1347/comments\",\"created_at\":\"2011-04-22T13:33:48Z\",\"events_url\":\"https://api.github.com/repos/octocat/Hello-World/issues/1347/events\",\"html_url\":\"https://github.com/octocat/Hello-World/issues/1347\",\"id\":1,\"labels\":[{\"color\":\"f29513\",\"default\":true,\"description\":\"Something isn't 
working\",\"id\":208045946,\"name\":\"bug\",\"node_id\":\"MDU6TGFiZWwyMDgwNDU5NDY=\",\"url\":\"https://api.github.com/repos/octocat/Hello-World/labels/bug\"}],\"labels_url\":\"https://api.github.com/repos/octocat/Hello-World/issues/1347/labels{/name}\",\"locked\":true,\"milestone\":{\"closed_at\":\"2013-02-12T13:22:01Z\",\"closed_issues\":8,\"created_at\":\"2011-04-10T20:09:31Z\",\"creator\":{\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"gravatar_id\":\"\",\"html_url\":\"https://github.com/octocat\",\"id\":1,\"login\":\"octocat\",\"node_id\":\"MDQ6VXNlcjE=\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"site_admin\":false,\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"type\":\"User\",\"url\":\"https://api.github.com/users/octocat\"},\"description\":\"Tracking milestone for version 
1.0\",\"due_on\":\"2012-10-09T23:39:01Z\",\"html_url\":\"https://github.com/octocat/Hello-World/milestones/v1.0\",\"id\":1002604,\"labels_url\":\"https://api.github.com/repos/octocat/Hello-World/milestones/1/labels\",\"node_id\":\"MDk6TWlsZXN0b25lMTAwMjYwNA==\",\"number\":1,\"open_issues\":4,\"state\":\"open\",\"title\":\"v1.0\",\"updated_at\":\"2014-03-03T18:58:10Z\",\"url\":\"https://api.github.com/repos/octocat/Hello-World/milestones/1\"},\"node_id\":\"MDU6SXNzdWUx\",\"number\":1347,\"pull_request\":{\"diff_url\":\"https://github.com/octocat/Hello-World/pull/1347.diff\",\"html_url\":\"https://github.com/octocat/Hello-World/pull/1347\",\"patch_url\":\"https://github.com/octocat/Hello-World/pull/1347.patch\",\"url\":\"https://api.github.com/repos/octocat/Hello-World/pulls/1347\"},\"repository_url\":\"https://api.github.com/repos/octocat/Hello-World\",\"state\":\"open\",\"state_reason\":\"completed\",\"title\":\"Found a bug\",\"updated_at\":\"2011-04-22T13:33:48Z\",\"url\":\"https://api.github.com/repos/octocat/Hello-World/issues/1347\",\"user\":{\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"gravatar_id\":\"\",\"html_url\":\"https://github.com/octocat\",\"id\":1,\"login\":\"octocat\",\"node_id\":\"MDQ6VXNlcjE=\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"site_admin\":false,\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"type\":\"User\",\"url\":\"https://api.github.com/users/oct
ocat\"}}" + "ingested": "2024-10-30T03:19:25Z", + "original": "{\"active_lock_reason\":\"too heated\",\"assignee\":{\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"gravatar_id\":\"\",\"html_url\":\"https://github.com/octocat\",\"id\":1,\"login\":\"octocat\",\"node_id\":\"MDQ6VXNlcjE=\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"site_admin\":false,\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"type\":\"User\",\"url\":\"https://api.github.com/users/octocat\"},\"assignees\":[{\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"gravatar_id\":\"\",\"html_url\":\"https://github.com/octocat\",\"id\":1,\"login\":\"octocat\",\"node_id\":\"MDQ6VXNlcjE=\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"site_admin\":false,\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"type\":\"User\",\"url\":\"https://api.github
.com/users/octocat\"}],\"author_association\":\"COLLABORATOR\",\"body\":\"I'm having a problem with this.\",\"closed_at\":null,\"closed_by\":{\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"gravatar_id\":\"\",\"html_url\":\"https://github.com/octocat\",\"id\":1,\"login\":\"octocat\",\"node_id\":\"MDQ6VXNlcjE=\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"site_admin\":false,\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"type\":\"User\",\"url\":\"https://api.github.com/users/octocat\"},\"comments\":0,\"comments_url\":\"https://api.github.com/repos/octocat/Hello-World/issues/1347/comments\",\"created_at\":\"2011-04-22T13:33:48Z\",\"events_url\":\"https://api.github.com/repos/octocat/Hello-World/issues/1347/events\",\"html_url\":\"https://github.com/octocat/Hello-World/issues/1347\",\"id\":1,\"labels\":[{\"color\":\"f29513\",\"default\":true,\"description\":\"Something isn't 
working\",\"id\":208045946,\"name\":\"bug\",\"node_id\":\"MDU6TGFiZWwyMDgwNDU5NDY=\",\"url\":\"https://api.github.com/repos/octocat/Hello-World/labels/bug\"}],\"labels_url\":\"https://api.github.com/repos/octocat/Hello-World/issues/1347/labels{/name}\",\"locked\":true,\"milestone\":{\"closed_at\":\"2013-02-12T13:22:01Z\",\"closed_issues\":8,\"created_at\":\"2011-04-10T20:09:31Z\",\"creator\":{\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"gravatar_id\":\"\",\"html_url\":\"https://github.com/octocat\",\"id\":1,\"login\":\"octocat\",\"node_id\":\"MDQ6VXNlcjE=\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"site_admin\":false,\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"type\":\"User\",\"url\":\"https://api.github.com/users/octocat\"},\"description\":\"Tracking milestone for version 
1.0\",\"due_on\":\"2012-10-09T23:39:01Z\",\"html_url\":\"https://github.com/octocat/Hello-World/milestones/v1.0\",\"id\":1002604,\"labels_url\":\"https://api.github.com/repos/octocat/Hello-World/milestones/1/labels\",\"node_id\":\"MDk6TWlsZXN0b25lMTAwMjYwNA==\",\"number\":1,\"open_issues\":4,\"state\":\"open\",\"title\":\"v1.0\",\"updated_at\":\"2014-03-03T18:58:10Z\",\"url\":\"https://api.github.com/repos/octocat/Hello-World/milestones/1\"},\"node_id\":\"MDU6SXNzdWUx\",\"number\":1347,\"pull_request\":{\"diff_url\":\"https://github.com/octocat/Hello-World/pull/1347.diff\",\"html_url\":\"https://github.com/octocat/Hello-World/pull/1347\",\"patch_url\":\"https://github.com/octocat/Hello-World/pull/1347.patch\",\"url\":\"https://api.github.com/repos/octocat/Hello-World/pulls/1347\"},\"repository_url\":\"https://api.github.com/repos/octocat/Hello-World\",\"state\":\"open\",\"state_reason\":\"completed\",\"title\":\"Found a bug\",\"updated_at\":\"2011-04-22T13:33:48Z\",\"url\":\"https://api.github.com/repos/octocat/Hello-World/issues/1347\",\"user\":{\"avatar_url\":\"https://github.com/images/error/octocat_happy.gif\",\"events_url\":\"https://api.github.com/users/octocat/events{/privacy}\",\"followers_url\":\"https://api.github.com/users/octocat/followers\",\"following_url\":\"https://api.github.com/users/octocat/following{/other_user}\",\"gists_url\":\"https://api.github.com/users/octocat/gists{/gist_id}\",\"gravatar_id\":\"\",\"html_url\":\"https://github.com/octocat\",\"id\":1,\"login\":\"octocat\",\"node_id\":\"MDQ6VXNlcjE=\",\"organizations_url\":\"https://api.github.com/users/octocat/orgs\",\"received_events_url\":\"https://api.github.com/users/octocat/received_events\",\"repos_url\":\"https://api.github.com/users/octocat/repos\",\"site_admin\":false,\"starred_url\":\"https://api.github.com/users/octocat/starred{/owner}{/repo}\",\"subscriptions_url\":\"https://api.github.com/users/octocat/subscriptions\",\"type\":\"User\",\"url\":\"https://api.github.com/users/oct
ocat\"}}", + "type": [ + "creation" + ] }, "github": { "issues": { @@ -796,7 +838,7 @@ An example event for `issues` looks as following: }, "comments": 0, "comments_url": "https://api.github.com/repos/octocat/Hello-World/issues/1347/comments", - "created_at": "2011-04-22T13:33:48Z", + "created_at": "2011-04-22T13:33:48.000Z", "events_url": "https://api.github.com/repos/octocat/Hello-World/issues/1347/events", "html_url": "https://github.com/octocat/Hello-World/issues/1347", "id": 1, @@ -818,6 +860,7 @@ An example event for `issues` looks as following: "url": "https://api.github.com/repos/octocat/Hello-World/pulls/1347" }, "repository_url": "https://api.github.com/repos/octocat/Hello-World", + "state": "open", "state_reason": "completed", "title": "Found a bug", "updated_at": "2011-04-22T13:33:48.000Z", @@ -838,8 +881,7 @@ An example event for `issues` looks as following: "login": "octocat" }, "url": "https://api.github.com/repos/octocat/Hello-World" - }, - "state": "open" + } }, "input": { "type": "httpjson" diff --git a/packages/github/elasticsearch/transform/latest_code_scanning/fields/agent.yml b/packages/github/elasticsearch/transform/latest_code_scanning/fields/agent.yml new file mode 100644 index 000000000000..3a1b4c228964 --- /dev/null +++ b/packages/github/elasticsearch/transform/latest_code_scanning/fields/agent.yml 
@@ -0,0 +1,23 @@
+- name: host
+ title: Host
+ group: 2
+ description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.'
+ type: group
+ fields:
+ - name: containerized
+ type: boolean
+ description: If the host is a container.
+ - name: os.build
+ type: keyword
+ example: "18D109"
+ description: OS build information.
+ - name: os.codename
+ type: keyword
+ example: "stretch"
+ description: OS codename, if any.
+- name: input.type
+ type: keyword
+ description: Input Type.
+- name: log.offset
+ type: long
+ description: Log Offset.
diff --git a/packages/github/elasticsearch/transform/latest_code_scanning/fields/base-fields.yml b/packages/github/elasticsearch/transform/latest_code_scanning/fields/base-fields.yml
new file mode 100644
index 000000000000..0651037f3aa3
--- /dev/null
+++ b/packages/github/elasticsearch/transform/latest_code_scanning/fields/base-fields.yml
@@ -0,0 +1,16 @@
+- name: data_stream.type
+ external: ecs
+- name: data_stream.dataset
+ external: ecs
+- name: data_stream.namespace
+ external: ecs
+- name: event.module
+ type: constant_keyword
+ value: github
+ external: ecs
+- name: event.dataset
+ type: constant_keyword
+ value: github.code_scanning
+ external: ecs
+- name: '@timestamp'
+ external: ecs
diff --git a/packages/github/elasticsearch/transform/latest_code_scanning/fields/ecs.yml b/packages/github/elasticsearch/transform/latest_code_scanning/fields/ecs.yml
new file mode 100644
index 000000000000..8cfb27932923
--- /dev/null
+++ b/packages/github/elasticsearch/transform/latest_code_scanning/fields/ecs.yml
@@ -0,0 +1,40 @@
+- external: ecs
+ name: agent.ephemeral_id
+- external: ecs
+ name: agent.id
+- external: ecs
+ name: agent.name
+- external: ecs
+ name: agent.type
+- external: ecs
+ name: agent.version
+- external: ecs
+ name: ecs.version
+- external: ecs
+ name: error.message
+- external: ecs
+ name: event.action
+- external: ecs
+ name: event.agent_id_status
+- external: ecs
+ name: event.category
+- external: ecs
+ name: event.created
+- external: ecs
+ name: event.ingested
+- external: ecs
+ name: event.kind
+ type: constant_keyword
+ value: alert
+- external: ecs
+ name: event.original
+- external: ecs
+ name: event.type
+- external: ecs
+ name: rule.description
+- external: ecs
+ name: rule.id
+- external: ecs
+ name: rule.name
+- external: ecs
+ name: tags
diff --git a/packages/github/elasticsearch/transform/latest_code_scanning/fields/fields.yml b/packages/github/elasticsearch/transform/latest_code_scanning/fields/fields.yml
new file mode 100644
index 000000000000..614b8a8a7d8b
--- /dev/null
+++ b/packages/github/elasticsearch/transform/latest_code_scanning/fields/fields.yml
@@ -0,0 +1,133 @@ +- name: github + type: group + fields: + - name: code_scanning + type: group + fields: + - name: number + type: integer + description: The security alert number. + - name: created_at + type: date + description: The time that the alert was created in ISO 8601 format - `YYYY-MM-DDTHH:MM:SSZ`. + - name: updated_at + type: date + description: The time that the alert was last updated in ISO 8601 format - `YYYY-MM-DDTHH:MM:SSZ`. + - name: url + type: keyword + description: The REST API URL of the alert resource. + - name: html_url + type: keyword + description: The GitHub URL of the alert resource. + - name: state + type: keyword + description: State of a code scanning alert. + - name: instances_url + type: keyword + description: The REST API URL for fetching the list of instances for an alert. + - name: fixed_at + type: date + description: The time that the alert was no longer detected and was considered fixed in ISO 8601 format - `YYYY-MM-DDTHH:MM:SSZ`. + - name: dismissed_by + type: group + description: Information of user who dismissed the alert. + fields: + - name: name + type: keyword + - name: email + type: keyword + - name: login + type: keyword + - name: id + type: integer + - name: url + type: keyword + - name: html_url + type: keyword + - name: type + type: keyword + - name: site_admin + type: boolean + - name: dismissed_at + type: date + description: The time that the alert was dismissed in ISO 8601 format - `YYYY-MM-DDTHH:MM:SSZ`. + - name: dismissed_reason + type: keyword + description: The reason for dismissing or closing the alert. + - name: dismissed_comment + type: keyword + description: The dismissal comment associated with the dismissal of the alert. + - name: time_to_resolution.sec + type: long + format: duration + unit: s + metric_type: gauge + description: The time taken to either dismiss or fix the alert in seconds. 
+ - name: rule + type: group + fields: + - name: severity + type: keyword + description: The severity of the alert. + - name: security_severity_level + type: keyword + description: The security severity of the alert. + - name: full_description + type: text + description: Description of the rule used to detect the alert. + - name: help + type: text + description: Detailed documentation for the rule as GitHub Flavored Markdown. + - name: tool + type: group + fields: + - name: name + type: keyword + description: The name of the tool used to generate the code scanning analysis. + - name: version + type: keyword + description: The version of the tool used to generate the code scanning analysis. + - name: guid + type: keyword + description: The GUID of the tool used to generate the code scanning analysis, if provided in the uploaded SARIF data. + - name: most_recent_instance + type: group + description: Most recent instance of this alert for the default branch or for the specified Git reference. + fields: + - name: ref + type: keyword + description: The full Git reference, formatted as `refs/heads/`,\n`refs/pull//merge`, or `refs/pull//head`. + - name: analysis_key + type: keyword + description: Identifies the configuration under which the analysis was executed. For example, in GitHub Actions this includes the workflow filename and job name. + - name: environment + type: keyword + description: Identifies the variable values associated with the environment in which the analysis that generated this alert instance was performed, such as the language that was analyzed. + - name: category + type: keyword + description: Identifies the configuration under which the analysis was executed. Used to distinguish between multiple analyses for the same tool and commit, but performed on different languages or different parts of the code. + - name: state + type: keyword + description: State of a code scanning alert. + - name: commit_sha + type: keyword + description: GitHub commit sha. 
+ - name: location + type: group + description: Describe a region within a file for the alert. + fields: + - name: path + type: keyword + - name: start_line + type: integer + - name: end_line + type: integer + - name: start_column + type: integer + - name: end_column + type: integer + - name: html_url + type: keyword + - name: classifications + type: keyword + description: Classifications that have been applied to the file that triggered the alert.\nFor example identifying it as documentation, or a generated file. diff --git a/packages/github/elasticsearch/transform/latest_code_scanning/fields/is-transform-source-false.yml b/packages/github/elasticsearch/transform/latest_code_scanning/fields/is-transform-source-false.yml new file mode 100644 index 000000000000..490a079e7a73 --- /dev/null +++ b/packages/github/elasticsearch/transform/latest_code_scanning/fields/is-transform-source-false.yml @@ -0,0 +1,4 @@ +- name: labels.is_transform_source + type: constant_keyword + description: Distinguishes between documents that are a source for a transform and documents that are an output of a transform, to facilitate easier filtering. + value: "false" diff --git a/packages/github/elasticsearch/transform/latest_code_scanning/fields/package-fields.yml b/packages/github/elasticsearch/transform/latest_code_scanning/fields/package-fields.yml new file mode 100644 index 000000000000..39846f42be5e --- /dev/null +++ b/packages/github/elasticsearch/transform/latest_code_scanning/fields/package-fields.yml 
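Review bot: Two descriptions in the new code_scanning fields.yml carry a literal `\n` inside a plain YAML scalar: `most_recent_instance.ref` ("formatted as `refs/heads/`,\n`refs/pull//merge`, …") and `most_recent_instance.classifications` ("… triggered the alert.\nFor example …"). Plain scalars do not process escape sequences, so the backslash and `n` will appear verbatim in the generated field table; replacing each `\n` with a single space fixes that. The `ref` description also looks like it has lost its placeholders (`refs/heads/` with nothing after it, `refs/pull//merge`), which may only be an artifact of how this page was rendered, so it is worth checking against the file itself.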
@@ -0,0 +1,59 @@
+- name: github
+ type: group
+ fields:
+ - name: repository
+ type: group
+ description: Information about the GitHub repository.
+ fields:
+ - name: id
+ type: integer
+ description: A unique identifier of the repository.
+ - name: is_in_organization
+ type: boolean
+ description: Indicates if a repository is either owned by an organization, or is a private fork of an organization repository.
+ - name: name
+ type: keyword
+ description: The name of the repository.
+ - name: full_name
+ type: keyword
+ description: The full, globally unique, name of the repository.
+ - name: private
+ type: boolean
+ description: Whether the repository is private.
+ - name: html_url
+ type: keyword
+ description: The URL to view the repository on GitHub.com.
+ - name: description
+ type: text
+ description: The repository description.
+ - name: fork
+ type: boolean
+ description: Whether the repository is a fork.
+ - name: url
+ type: keyword
+ description: The URL to get more information about the repository from the GitHub API.
+ - name: owner
+ type: group
+ description: Represents an owner of the repository. Owner could be an Organization or User.
+ fields:
+ - name: name
+ type: keyword
+ description: Name of repository owner.
+ - name: email
+ type: keyword
+ description: The public email of repository owner.
+ - name: login
+ type: keyword
+ description: Login username of repository owner.
+ - name: id
+ type: integer
+ description: ID of the repository owner.
+ - name: url
+ type: keyword
+ description: The URL to get more information about the repository owner from the GitHub API.
+ - name: html_url
+ type: keyword
+ description: The HTTP URL for the repository owner.
+ - name: type
+ type: keyword
+ description: The type of the repository owner. Example - User.
diff --git a/packages/github/elasticsearch/transform/latest_code_scanning/manifest.yml b/packages/github/elasticsearch/transform/latest_code_scanning/manifest.yml
new file mode 100644
index 000000000000..24e9e9267935
--- /dev/null
+++ b/packages/github/elasticsearch/transform/latest_code_scanning/manifest.yml
@@ -0,0 +1,11 @@
+start: true
+destination_index_template:
+ mappings:
+ dynamic: true
+ dynamic_templates:
+ - strings_as_keyword:
+ match_mapping_type: string
+ mapping:
+ ignore_above: 1024
+ type: keyword
+ date_detection: true
diff --git a/packages/github/elasticsearch/transform/latest_code_scanning/transform.yml b/packages/github/elasticsearch/transform/latest_code_scanning/transform.yml
new file mode 100644
index 000000000000..06958284992b
--- /dev/null
+++ b/packages/github/elasticsearch/transform/latest_code_scanning/transform.yml
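Review bot: `dynamic: true` combined with `date_detection: true` in this manifest.yml lets the first value seen for any undeclared string field decide that field's type in the destination index. The alert content originates from uploaded analysis results, so a date-looking string arriving first would map the field as `date`, and later non-date values for the same field would presumably be rejected at index time. The transform sets `unattended: true`, so such failures are likely to be retried rather than surfaced. Consider `date_detection: false` so undeclared strings always fall through to the `strings_as_keyword` template, or add a comment explaining why detection is wanted here.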
@@ -0,0 +1,42 @@
+# Use of "*" to use all namespaces defined.
+source:
+ index:
+ - "logs-github.code_scanning-*"
+# The version suffix on the dest.index should be incremented if a breaking
+# change is made to the index mapping. You must also bump the
+# fleet_transform_version for any change to this transform configuration to
+# take effect. The old destination index is not automatically removed. We are
+# dependent on https://github.com/elastic/package-spec/issues/523 to give us
+# that ability in order to prevent having duplicate data and prevent query
+# time field type conflicts.
+dest:
+ index: "logs-github_latest.dest_code_scanning-1"
+ aliases:
+ - alias: "logs-github_latest.code_scanning"
+ move_on_creation: true
+latest:
+ unique_key:
+ - github.repository.owner.login
+ - github.repository.name
+ - github.code_scanning.number
+ - github.code_scanning.created_at
+ sort: "event.ingested"
+description: >-
+ Latest Code Scanning Alerts from Github's Code Scanning. As code scanning alerts get updated (dismissed/reopened), this transform stores only the latest state of each code scanning alert inside the destination index. Thus the transform's destination index contains only the latest state of the alerts.
+frequency: 30s
+settings:
+ # This is required to prevent the transform from clobbering the Fleet-managed mappings.
+ deduce_mappings: false
+ unattended: true
+sync:
+ time:
+ field: "event.ingested"
+ # Updated to 120s because of refresh delay in Serverless. With default 60s,
+ # sometimes transform wouldn't process all documents.
+ delay: 120s
+_meta:
+ managed: false
+ # Bump this version to delete, reinstall, and restart the transform during
+ # package installation.
+ fleet_transform_version: 1.0.0
+ run_as_kibana_system: false
diff --git a/packages/github/elasticsearch/transform/latest_dependabot/fields/agent.yml b/packages/github/elasticsearch/transform/latest_dependabot/fields/agent.yml
new file mode 100644
index 000000000000..3a1b4c228964
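Review bot: The `unique_key` in transform.yml identifies a repository by `github.repository.owner.login` plus `github.repository.name`, both of which change when a repository is renamed or transferred. After such a change the same alert would get a second destination document while the old one stays frozen in its last state, so open-alert counts built on `logs-github_latest.code_scanning` could overstate exposure. This commit declares `github.repository.id` in package-fields.yml; if the code_scanning pipeline populates it on every document, keying on `- github.repository.id` in place of the two name fields would avoid the split. The `description` also still reads `Github's`, which the README hunks of this same commit correct to GitHub.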
--- /dev/null
+++ b/packages/github/elasticsearch/transform/latest_dependabot/fields/agent.yml
@@ -0,0 +1,23 @@
+- name: host
+ title: Host
+ group: 2
+ description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.'
+ type: group
+ fields:
+ - name: containerized
+ type: boolean
+ description: If the host is a container.
+ - name: os.build
+ type: keyword
+ example: "18D109"
+ description: OS build information.
+ - name: os.codename
+ type: keyword
+ example: "stretch"
+ description: OS codename, if any.
+- name: input.type
+ type: keyword
+ description: Input Type.
+- name: log.offset
+ type: long
+ description: Log Offset.
diff --git a/packages/github/elasticsearch/transform/latest_dependabot/fields/base-fields.yml b/packages/github/elasticsearch/transform/latest_dependabot/fields/base-fields.yml
new file mode 100644
index 000000000000..8725015d482f
--- /dev/null
+++ b/packages/github/elasticsearch/transform/latest_dependabot/fields/base-fields.yml
@@ -0,0 +1,16 @@
+- name: data_stream.type
+ external: ecs
+- name: data_stream.dataset
+ external: ecs
+- name: data_stream.namespace
+ external: ecs
+- name: event.module
+ type: constant_keyword
+ value: github
+ external: ecs
+- name: event.dataset
+ type: constant_keyword
+ value: github.dependabot
+ external: ecs
+- name: '@timestamp'
+ external: ecs
diff --git a/packages/github/elasticsearch/transform/latest_dependabot/fields/ecs.yml b/packages/github/elasticsearch/transform/latest_dependabot/fields/ecs.yml
new file mode 100644
index 000000000000..de5bf0a10769
--- /dev/null
+++ b/packages/github/elasticsearch/transform/latest_dependabot/fields/ecs.yml
@@ -0,0 +1,62 @@
+- external: ecs
+ name: agent.ephemeral_id
+- external: ecs
+ name: agent.id
+- external: ecs
+ name: agent.name
+- external: ecs
+ name: agent.type
+- external: ecs
+ name: agent.version
+- external: ecs
+ name: ecs.version
+- external: ecs
+ name: error.message
+- external: ecs
+ name: event.action
+- external: ecs
+ name: event.agent_id_status
+- external: ecs
+ name: event.category
+- external: ecs
+ name: event.created
+- external: ecs
+ name: event.end
+- external: ecs
+ name: event.ingested
+- external: ecs
+ name: event.kind
+ type: constant_keyword
+ value: alert
+- external: ecs
+ name: event.original
+- external: ecs
+ name: event.start
+- external: ecs
+ name: event.type
+- external: ecs
+ name: related.user
+- external: ecs
+ name: user.id
+- external: ecs
+ name: user.name
+- external: ecs
+ name: tags
+- external: ecs
+ name: vulnerability.classification
+- external: ecs
+ name: vulnerability.description
+- external: ecs
+ name: vulnerability.enumeration
+- external: ecs
+ name: vulnerability.id
+- external: ecs
+ name: vulnerability.reference
+- external: ecs
+ name: vulnerability.scanner.vendor
+- external: ecs
+ name: vulnerability.score.base
+- external: ecs
+ name: vulnerability.score.version
+- external: ecs
+ name: vulnerability.severity
diff --git a/packages/github/elasticsearch/transform/latest_dependabot/fields/fields.yml b/packages/github/elasticsearch/transform/latest_dependabot/fields/fields.yml
new file mode 100644
index 000000000000..07c05b0c926b
--- /dev/null
+++ b/packages/github/elasticsearch/transform/latest_dependabot/fields/fields.yml
@@ -0,0 +1,172 @@ +- name: github + type: group + fields: + - name: dependabot + type: group + fields: + - name: created_at + type: date + description: When was the alert created. + - name: dependabot_update + type: group + description: A Dependabot Update for a dependency in a repository. + fields: + - name: error + type: group + description: The error from a dependency update. + fields: + - name: body + type: text + description: The body of the error. + - name: error_type + type: keyword + description: The error code. + - name: title + type: keyword + description: The title of the error. + - name: pull_request + type: group + description: The associated pull request. + fields: + - name: created_at + type: date + description: Identifies the date and time when the pull request was created. + - name: closed + type: boolean + description: If the pull request is closed. + - name: closed_at + type: date + description: Identifies the date and time when the pull request was closed. + - name: merged + type: boolean + description: Whether or not the pull request was merged. + - name: merged_at + type: date + description: The date and time that the pull request was merged. + - name: number + type: integer + description: Identifies the pull request number. + - name: url + type: keyword + description: The HTTP URL for this pull request. + - name: title + type: keyword + description: Identifies the pull request title. + - name: dependency_scope + type: keyword + description: The scope of an alert's dependency. + - name: dismiss_reason + type: keyword + description: The reason the alert was dismissed. + - name: dismissed_at + type: date + description: When was the alert dismissed. + - name: dismisser + type: group + fields: + - name: login + type: keyword + description: The username of the dismisser. + - name: url + type: keyword + description: The HTTP URL for this user. + - name: fixed_at + type: date + description: When was the alert fixed. 
+ - name: number + type: integer + description: Identifies the alert number. + - name: security_advisory + type: group + description: The associated security advisory. + fields: + - name: classification + type: keyword + description: The classification of the advisory. + - name: cvss + type: group + description: The CVSS associated with this advisory. + fields: + - name: vector_string + type: keyword + description: The CVSS vector string associated with this advisory. + - name: cwes + type: nested + description: CWEs associated with this Advisory. + - name: cwes.cwe_id + type: keyword + description: The id of the CWE. + - name: cwes.description + type: keyword + description: The name of this CWE. + - name: cwes.name + type: keyword + description: A detailed description of this CWE. + - name: ghsa_id + type: keyword + description: The GitHub Security Advisory ID. + - name: identifiers + type: nested + description: A list of identifiers for this advisory. + - name: identifiers.type + type: keyword + description: The identifier type, e.g. GHSA, CVE. + - name: identifiers.value + type: keyword + description: The identifier. + - name: origin + type: keyword + description: The organization that originated the advisory. + - name: permalink + type: keyword + description: The permalink for the advisory. + - name: published_at + type: date + description: When the advisory was published. + - name: severity + type: keyword + description: The severity of the advisory. + - name: summary + type: keyword + description: A short plaintext summary of the advisory. + - name: updated_at + type: date + description: When the advisory was last updated. + - name: withdrawn_at + type: date + description: When the advisory was withdrawn, if it has been withdrawn. + - name: security_vulnerability + type: group + description: The associated security vulnerability. 
+ fields: + - name: first_patched_version.identifier + type: keyword + description: The first version containing a fix for the vulnerability. + - name: package + type: group + description: A description of the vulnerable package. + fields: + - name: ecosystem + type: keyword + description: The ecosystem the package belongs to, e.g. RUBYGEMS, NPM. + - name: name + type: keyword + description: The package name. + - name: updated_at + type: date + description: When the vulnerability was last updated. + - name: vulnerable_version_range + type: keyword + description: A string that describes the vulnerable package versions. + - name: state + type: keyword + description: Identifies the state of the alert. + - name: vulnerable_manifest_path + type: keyword + description: The vulnerable manifest path. + - name: vulnerable_manifest_filename + type: keyword + description: The vulnerable manifest filename. + - name: vulnerable_requirements + type: keyword + description: The vulnerable requirements. diff --git a/packages/github/elasticsearch/transform/latest_dependabot/fields/is-transform-source-false.yml b/packages/github/elasticsearch/transform/latest_dependabot/fields/is-transform-source-false.yml new file mode 100644 index 000000000000..490a079e7a73 --- /dev/null +++ b/packages/github/elasticsearch/transform/latest_dependabot/fields/is-transform-source-false.yml @@ -0,0 +1,4 @@ +- name: labels.is_transform_source + type: constant_keyword + description: Distinguishes between documents that are a source for a transform and documents that are an output of a transform, to facilitate easier filtering. + value: "false" diff --git a/packages/github/elasticsearch/transform/latest_dependabot/fields/package-fields.yml b/packages/github/elasticsearch/transform/latest_dependabot/fields/package-fields.yml new file mode 100644 index 000000000000..39846f42be5e --- /dev/null +++ b/packages/github/elasticsearch/transform/latest_dependabot/fields/package-fields.yml 
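Review bot: In latest_dependabot/fields/fields.yml the descriptions of `cwes.description` and `cwes.name` under `security_advisory` are swapped: `cwes.description` is documented as "The name of this CWE." and `cwes.name` as "A detailed description of this CWE.". Anyone building a detection rule or dashboard from the field reference would pick the wrong field. I would set `description: A detailed description of this CWE.` on `cwes.description` and `description: The name of this CWE.` on `cwes.name`. If these files mirror the source data stream's field definitions, the same swap presumably exists there and should be fixed in both places.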
@@ -0,0 +1,59 @@ +- name: github + type: group + fields: + - name: repository + type: group + description: Information about the GitHub repository. + fields: + - name: id + type: integer + description: A unique identifier of the repository. + - name: is_in_organization + type: boolean + description: Indicates if a repository is either owned by an organization, or is a private fork of an organization repository. + - name: name + type: keyword + description: The name of the repository. + - name: full_name + type: keyword + description: The full, globally unique, name of the repository. + - name: private + type: boolean + description: Whether the repository is private. + - name: html_url + type: keyword + description: The URL to view the repository on GitHub.com. + - name: description + type: text + description: The repository description. + - name: fork + type: boolean + description: Whether the repository is a fork. + - name: url + type: keyword + description: The URL to get more information about the repository from the GitHub API. + - name: owner + type: group + description: Represents an owner of the repository. Owner could be an Organization or User. + fields: + - name: name + type: keyword + description: Name of repository owner. + - name: email + type: keyword + description: The public email of repository owner. + - name: login + type: keyword + description: Login username of repository owner. + - name: id + type: integer + description: ID of the repository owner. + - name: url + type: keyword + description: The URL to get more information about the repository owner from the GitHub API. + - name: html_url + type: keyword + description: The HTTP URL for the repository owner. + - name: type + type: keyword + description: The type of the repository owner. Example - User. 
diff --git a/packages/github/elasticsearch/transform/latest_dependabot/manifest.yml b/packages/github/elasticsearch/transform/latest_dependabot/manifest.yml
new file mode 100644
index 000000000000..24e9e9267935
--- /dev/null
+++ b/packages/github/elasticsearch/transform/latest_dependabot/manifest.yml
@@ -0,0 +1,11 @@
+start: true
+destination_index_template:
+ mappings:
+ dynamic: true
+ dynamic_templates:
+ - strings_as_keyword:
+ match_mapping_type: string
+ mapping:
+ ignore_above: 1024
+ type: keyword
+ date_detection: true
diff --git a/packages/github/elasticsearch/transform/latest_dependabot/transform.yml b/packages/github/elasticsearch/transform/latest_dependabot/transform.yml
new file mode 100644
index 000000000000..98874cb833ff
--- /dev/null
+++ b/packages/github/elasticsearch/transform/latest_dependabot/transform.yml
@@ -0,0 +1,42 @@
+# Use of "*" to use all namespaces defined.
+source:
+ index:
+ - "logs-github.dependabot-*"
+# The version suffix on the dest.index should be incremented if a breaking
+# change is made to the index mapping. You must also bump the
+# fleet_transform_version for any change to this transform configuration to
+# take effect. The old destination index is not automatically removed. We are
+# dependent on https://github.com/elastic/package-spec/issues/523 to give us
+# that ability in order to prevent having duplicate data and prevent query
+# time field type conflicts.
+dest:
+ index: "logs-github_latest.dest_dependabot-1"
+ aliases:
+ - alias: "logs-github_latest.dependabot"
+ move_on_creation: true
+latest:
+ unique_key:
+ - github.repository.owner.login
+ - github.repository.name
+ - github.dependabot.number
+ - github.dependabot.created_at
+ sort: "event.ingested"
+description: >-
+ Latest Alerts from Github's Dependabot. As Alerts get updated, this transform stores only the latest state of each alert inside the destination index. Thus the transform's destination index contains only the latest state of the alert.
+frequency: 30s
+settings:
+ # This is required to prevent the transform from clobbering the Fleet-managed mappings.
+ deduce_mappings: false
+ unattended: true
+sync:
+ time:
+ field: "event.ingested"
+ # Updated to 120s because of refresh delay in Serverless. With default 60s,
+ # sometimes transform wouldn't process all documents.
+ delay: 120s
+_meta:
+ managed: false
+ # Bump this version to delete, reinstall, and restart the transform during
+ # package installation.
+ fleet_transform_version: 1.0.0
+ run_as_kibana_system: false
diff --git a/packages/github/elasticsearch/transform/latest_issues/fields/agent.yml b/packages/github/elasticsearch/transform/latest_issues/fields/agent.yml
new file mode 100644
index 000000000000..3a1b4c228964
--- /dev/null
+++ b/packages/github/elasticsearch/transform/latest_issues/fields/agent.yml
@@ -0,0 +1,23 @@ +- name: host + title: Host + group: 2 + description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' + type: group + fields: + - name: containerized + type: boolean + description: If the host is a container. + - name: os.build + type: keyword + example: "18D109" + description: OS build information. + - name: os.codename + type: keyword + example: "stretch" + description: OS codename, if any. +- name: input.type + type: keyword + description: Input Type. +- name: log.offset + type: long + description: Log Offset. diff --git a/packages/github/elasticsearch/transform/latest_issues/fields/base-fields.yml b/packages/github/elasticsearch/transform/latest_issues/fields/base-fields.yml new file mode 100644 index 000000000000..7defa882da69 --- /dev/null +++ b/packages/github/elasticsearch/transform/latest_issues/fields/base-fields.yml @@ -0,0 +1,16 @@ +- name: data_stream.type + external: ecs +- name: data_stream.dataset + external: ecs +- name: data_stream.namespace + external: ecs +- name: event.module + type: constant_keyword + value: github + external: ecs +- name: event.dataset + type: constant_keyword + value: github.issues + external: ecs +- name: '@timestamp' + external: ecs diff --git a/packages/github/elasticsearch/transform/latest_issues/fields/ecs.yml b/packages/github/elasticsearch/transform/latest_issues/fields/ecs.yml new file mode 100644 index 000000000000..11e56b5043dd --- /dev/null +++ b/packages/github/elasticsearch/transform/latest_issues/fields/ecs.yml 
@@ -0,0 +1,40 @@ +- external: ecs + name: agent.ephemeral_id +- external: ecs + name: agent.id +- external: ecs + name: agent.name +- external: ecs + name: agent.type +- external: ecs + name: agent.version +- external: ecs + name: ecs.version +- external: ecs + name: error.message +- external: ecs + name: event.action +- external: ecs + name: event.agent_id_status +- external: ecs + name: event.category +- external: ecs + name: event.created +- external: ecs + name: event.ingested +- external: ecs + name: event.kind + type: constant_keyword + value: event +- external: ecs + name: event.original +- external: ecs + name: event.type +- external: ecs + name: related.user +- external: ecs + name: user.id +- external: ecs + name: user.name +- external: ecs + name: tags diff --git a/packages/github/elasticsearch/transform/latest_issues/fields/fields.yml b/packages/github/elasticsearch/transform/latest_issues/fields/fields.yml new file mode 100644 index 000000000000..0fee38e6d1ff --- /dev/null +++ b/packages/github/elasticsearch/transform/latest_issues/fields/fields.yml 
@@ -0,0 +1,152 @@ +- name: github + type: group + fields: + - name: issues + type: group + fields: + - name: id + type: integer + description: The id of GitHub issue. + - name: node_id + type: keyword + description: The node_id of GitHub issue. + - name: url + type: keyword + description: The url of GitHub issue. + - name: repository_url + type: keyword + description: The repository containing the GitHub issue. + - name: labels_url + type: keyword + - name: comments_url + type: keyword + - name: events_url + type: keyword + - name: html_url + type: keyword + - name: number + type: integer + - name: state + type: keyword + - name: title + type: keyword + - name: body + type: text + - name: user + type: group + description: Information of user who created the issue. + fields: + - name: name + type: keyword + - name: email + type: keyword + - name: login + type: keyword + - name: id + type: integer + - name: url + type: keyword + - name: html_url + type: keyword + - name: type + type: keyword + - name: site_admin + type: boolean + - name: assignee + type: group + description: Information of user who was assigned the issue. + fields: + - name: name + type: keyword + - name: email + type: keyword + - name: login + type: keyword + - name: id + type: integer + - name: url + type: keyword + - name: html_url + type: keyword + - name: type + type: keyword + - name: site_admin + type: boolean + - name: assignees + type: flattened + description: Information of users who were assigned the issue. + - name: labels + type: group + description: Information of labels assigned to the issue. 
+ fields: + - name: name + type: keyword + - name: description + type: keyword + - name: team + type: keyword + - name: integration + type: keyword + - name: locked + type: boolean + - name: active_lock_reason + type: keyword + - name: comments + type: integer + - name: pull_request + type: group + description: Pull request + fields: + - name: url + type: keyword + - name: html_url + type: keyword + - name: diff_url + type: keyword + - name: patch_url + type: keyword + - name: closed_at + type: date + description: The time that the issue was closed in ISO 8601 format - `YYYY-MM-DDTHH:MM:SSZ`. + - name: created_at + type: date + description: The time that the issue was created in ISO 8601 format - `YYYY-MM-DDTHH:MM:SSZ`. + - name: updated_at + type: date + description: The time that the issue was last updated in ISO 8601 format - `YYYY-MM-DDTHH:MM:SSZ`. + - name: closed_by + type: group + description: Information of user who closed the issue. + fields: + - name: name + type: keyword + - name: email + type: keyword + - name: login + type: keyword + - name: id + type: integer + - name: url + type: keyword + - name: html_url + type: keyword + - name: type + type: keyword + - name: site_admin + type: boolean + - name: author_association + type: keyword + - name: state_reason + type: keyword + - name: is_pr + type: boolean + - name: draft + type: boolean + - name: timeline_url + type: keyword + - name: time_to_close.sec + type: long + format: duration + unit: s + metric_type: gauge + description: The time taken to close an issue in seconds. diff --git a/packages/github/elasticsearch/transform/latest_issues/fields/is-transform-source-false.yml b/packages/github/elasticsearch/transform/latest_issues/fields/is-transform-source-false.yml new file mode 100644 index 000000000000..490a079e7a73 --- /dev/null +++ b/packages/github/elasticsearch/transform/latest_issues/fields/is-transform-source-false.yml 
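Review bot: `github.issues.id` and the nested `user.id`, `assignee.id` and `closed_by.id` in latest_issues/fields/fields.yml are mapped as `integer`, which in Elasticsearch is a signed 32-bit type. As far as I know GitHub does not bound its numeric ids to that range. A value above 2147483647 is rejected at index time rather than truncated, so the affected issue would be missing from the destination index. I would use `type: long` for the id fields, as this file already does for `time_to_close.sec`. If the source data stream also declares `integer`, the change is needed there too; verify against current API output before merging.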
@@ -0,0 +1,4 @@
+- name: labels.is_transform_source
+ type: constant_keyword
+ description: Distinguishes between documents that are a source for a transform and documents that are an output of a transform, to facilitate easier filtering.
+ value: "false"
diff --git a/packages/github/elasticsearch/transform/latest_issues/fields/package-fields.yml b/packages/github/elasticsearch/transform/latest_issues/fields/package-fields.yml
new file mode 100644
index 000000000000..39846f42be5e
--- /dev/null
+++ b/packages/github/elasticsearch/transform/latest_issues/fields/package-fields.yml
@@ -0,0 +1,59 @@ +- name: github + type: group + fields: + - name: repository + type: group + description: Information about the GitHub repository. + fields: + - name: id + type: integer + description: A unique identifier of the repository. + - name: is_in_organization + type: boolean + description: Indicates if a repository is either owned by an organization, or is a private fork of an organization repository. + - name: name + type: keyword + description: The name of the repository. + - name: full_name + type: keyword + description: The full, globally unique, name of the repository. + - name: private + type: boolean + description: Whether the repository is private. + - name: html_url + type: keyword + description: The URL to view the repository on GitHub.com. + - name: description + type: text + description: The repository description. + - name: fork + type: boolean + description: Whether the repository is a fork. + - name: url + type: keyword + description: The URL to get more information about the repository from the GitHub API. + - name: owner + type: group + description: Represents an owner of the repository. Owner could be an Organization or User. + fields: + - name: name + type: keyword + description: Name of repository owner. + - name: email + type: keyword + description: The public email of repository owner. + - name: login + type: keyword + description: Login username of repository owner. + - name: id + type: integer + description: ID of the repository owner. + - name: url + type: keyword + description: The URL to get more information about the repository owner from the GitHub API. + - name: html_url + type: keyword + description: The HTTP URL for the repository owner. + - name: type + type: keyword + description: The type of the repository owner. Example - User. 
diff --git a/packages/github/elasticsearch/transform/latest_issues/manifest.yml b/packages/github/elasticsearch/transform/latest_issues/manifest.yml
new file mode 100644
index 000000000000..24e9e9267935
--- /dev/null
+++ b/packages/github/elasticsearch/transform/latest_issues/manifest.yml
@@ -0,0 +1,11 @@
+start: true
+destination_index_template:
+ mappings:
+ dynamic: true
+ dynamic_templates:
+ - strings_as_keyword:
+ match_mapping_type: string
+ mapping:
+ ignore_above: 1024
+ type: keyword
+ date_detection: true
diff --git a/packages/github/elasticsearch/transform/latest_issues/transform.yml b/packages/github/elasticsearch/transform/latest_issues/transform.yml
new file mode 100644
index 000000000000..390de4400737
--- /dev/null
+++ b/packages/github/elasticsearch/transform/latest_issues/transform.yml
@@ -0,0 +1,42 @@
+# Use of "*" to use all namespaces defined.
+source:
+ index:
+ - "logs-github.issues-*"
+# The version suffix on the dest.index should be incremented if a breaking
+# change is made to the index mapping. You must also bump the
+# fleet_transform_version for any change to this transform configuration to
+# take effect. The old destination index is not automatically removed. We are
+# dependent on https://github.com/elastic/package-spec/issues/523 to give us
+# that ability in order to prevent having duplicate data and prevent query
+# time field type conflicts.
+dest:
+ index: "logs-github_latest.dest_issues-1"
+ aliases:
+ - alias: "logs-github_latest.issues"
+ move_on_creation: true
+latest:
+ unique_key:
+ - github.repository.owner.login
+ - github.repository.name
+ - github.issues.url
+ - github.issues.created_at
+ sort: "event.ingested"
+description: >-
+ Latest Issues from Github. As issues get updated, this transform stores only the latest state of each issue inside the destination index. Thus the transform's destination index contains only the latest state of the issue.
+frequency: 30s
+settings:
+ # This is required to prevent the transform from clobbering the Fleet-managed mappings.
+ deduce_mappings: false
+ unattended: true
+sync:
+ time:
+ field: "event.ingested"
+ # Updated to 120s because of refresh delay in Serverless. With default 60s,
+ # sometimes transform wouldn't process all documents.
+ delay: 120s
+_meta:
+ managed: false
+ # Bump this version to delete, reinstall, and restart the transform during
+ # package installation.
+ fleet_transform_version: 1.0.0
+ run_as_kibana_system: false
diff --git a/packages/github/elasticsearch/transform/latest_secret_scanning/fields/agent.yml b/packages/github/elasticsearch/transform/latest_secret_scanning/fields/agent.yml
new file mode 100644
index 000000000000..3a1b4c228964
--- /dev/null
+++ b/packages/github/elasticsearch/transform/latest_secret_scanning/fields/agent.yml
@@ -0,0 +1,23 @@ +- name: host + title: Host + group: 2 + description: 'A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' + type: group + fields: + - name: containerized + type: boolean + description: If the host is a container. + - name: os.build + type: keyword + example: "18D109" + description: OS build information. + - name: os.codename + type: keyword + example: "stretch" + description: OS codename, if any. +- name: input.type + type: keyword + description: Input Type. +- name: log.offset + type: long + description: Log Offset. diff --git a/packages/github/elasticsearch/transform/latest_secret_scanning/fields/base-fields.yml b/packages/github/elasticsearch/transform/latest_secret_scanning/fields/base-fields.yml new file mode 100644 index 000000000000..58381c04252c --- /dev/null +++ b/packages/github/elasticsearch/transform/latest_secret_scanning/fields/base-fields.yml @@ -0,0 +1,16 @@ +- name: data_stream.type + external: ecs +- name: data_stream.dataset + external: ecs +- name: data_stream.namespace + external: ecs +- name: event.module + type: constant_keyword + value: github + external: ecs +- name: event.dataset + type: constant_keyword + value: github.secret_scanning + external: ecs +- name: '@timestamp' + external: ecs diff --git a/packages/github/elasticsearch/transform/latest_secret_scanning/fields/ecs.yml b/packages/github/elasticsearch/transform/latest_secret_scanning/fields/ecs.yml new file mode 100644 index 000000000000..533e5e3b7a55 --- /dev/null +++ b/packages/github/elasticsearch/transform/latest_secret_scanning/fields/ecs.yml 
@@ -0,0 +1,34 @@ +- external: ecs + name: agent.ephemeral_id +- external: ecs + name: agent.id +- external: ecs + name: agent.name +- external: ecs + name: agent.type +- external: ecs + name: agent.version +- external: ecs + name: ecs.version +- external: ecs + name: error.message +- external: ecs + name: event.action +- external: ecs + name: event.agent_id_status +- external: ecs + name: event.category +- external: ecs + name: event.created +- external: ecs + name: event.ingested +- external: ecs + name: event.kind + type: constant_keyword + value: alert +- external: ecs + name: event.original +- external: ecs + name: event.type +- external: ecs + name: tags diff --git a/packages/github/elasticsearch/transform/latest_secret_scanning/fields/fields.yml b/packages/github/elasticsearch/transform/latest_secret_scanning/fields/fields.yml new file mode 100644 index 000000000000..bd83406466bc --- /dev/null +++ b/packages/github/elasticsearch/transform/latest_secret_scanning/fields/fields.yml 
@@ -0,0 +1,98 @@ +- name: github + type: group + fields: + - name: secret_scanning + type: group + fields: + - name: number + type: integer + description: The security alert number. + - name: created_at + type: date + description: The time that the alert was created in ISO 8601 format - `YYYY-MM-DDTHH:MM:SSZ`. + - name: updated_at + type: date + description: The time that the alert was last updated in ISO 8601 format - `YYYY-MM-DDTHH:MM:SSZ`. + - name: url + type: keyword + description: The REST API URL of the alert resource + - name: html_url + type: keyword + description: The GitHub URL of the alert resource. + - name: locations_url + type: keyword + description: The REST API URL of the code locations for this alert. + - name: state + type: keyword + description: State of the secret scanning alert. + - name: resolution + type: keyword + description: Required when the `state` is `resolved`. The reason for resolving the alert. + - name: resolved_at + type: date + description: The time that the alert was resolved in ISO 8601 format - `YYYY-MM-DDTHH:MM:SSZ`. + - name: resolved_by + type: group + description: Information on user who resolved the alert. + fields: + - name: name + type: keyword + - name: email + type: keyword + - name: login + type: keyword + - name: id + type: integer + - name: node_id + type: keyword + - name: url + type: keyword + - name: html_url + type: keyword + - name: type + type: keyword + - name: site_admin + type: boolean + - name: time_to_resolution.sec + type: long + format: duration + unit: s + metric_type: gauge + description: The time taken to either fix the secret in seconds. + - name: secret_type + type: keyword + description: The type of secret that secret scanning detected. + - name: secret_type_display_name + type: keyword + description: User-friendly name for the detected secret, matching the `secret_type`. + - name: secret + type: keyword + description: The secret that was detected. 
+ - name: push_protection_bypassed + type: boolean + description: Whether push protection was bypassed for the detected secret. + - name: push_protection_bypassed_by + type: group + description: Information on user who bypassed push protection bypassed. + fields: + - name: name + type: keyword + - name: email + type: keyword + - name: login + type: keyword + - name: id + type: integer + - name: node_id + type: keyword + - name: url + type: keyword + - name: html_url + type: keyword + - name: type + type: keyword + - name: site_admin + type: boolean + - name: push_protection_bypassed_at + type: date + description: The time that push protection was bypassed in ISO 8601 format - `YYYY-MM-DDTHH:MM:SSZ`. diff --git a/packages/github/elasticsearch/transform/latest_secret_scanning/fields/is-transform-source-false.yml b/packages/github/elasticsearch/transform/latest_secret_scanning/fields/is-transform-source-false.yml new file mode 100644 index 000000000000..490a079e7a73 --- /dev/null +++ b/packages/github/elasticsearch/transform/latest_secret_scanning/fields/is-transform-source-false.yml @@ -0,0 +1,4 @@ +- name: labels.is_transform_source + type: constant_keyword + description: Distinguishes between documents that are a source for a transform and documents that are an output of a transform, to facilitate easier filtering. + value: "false" diff --git a/packages/github/elasticsearch/transform/latest_secret_scanning/fields/package-fields.yml b/packages/github/elasticsearch/transform/latest_secret_scanning/fields/package-fields.yml new file mode 100644 index 000000000000..39846f42be5e --- /dev/null +++ b/packages/github/elasticsearch/transform/latest_secret_scanning/fields/package-fields.yml 
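Review bot: `github.secret_scanning.secret` in latest_secret_scanning/fields/fields.yml is declared as a searchable `keyword` holding "The secret that was detected", and a `latest` transform copies whole source documents, so each detected credential would gain a second copy in the transform's destination index (ecs.yml in the same directory also declares `event.original`). Nothing in this hunk tells an operator that the field needs tighter read access than the rest of the alert. I would extend the field's description with a sentence such as `Contains the raw credential; restrict read access with field-level security.` and confirm whether triage needs the value at all rather than `secret_type` and `html_url`. Two descriptions in the same hunk are also garbled and worth rewording: "The time taken to either fix the secret in seconds." and "Information on user who bypassed push protection bypassed.".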
@@ -0,0 +1,59 @@ +- name: github + type: group + fields: + - name: repository + type: group + description: Information about the GitHub repository. + fields: + - name: id + type: integer + description: A unique identifier of the repository. + - name: is_in_organization + type: boolean + description: Indicates if a repository is either owned by an organization, or is a private fork of an organization repository. + - name: name + type: keyword + description: The name of the repository. + - name: full_name + type: keyword + description: The full, globally unique, name of the repository. + - name: private + type: boolean + description: Whether the repository is private. + - name: html_url + type: keyword + description: The URL to view the repository on GitHub.com. + - name: description + type: text + description: The repository description. + - name: fork + type: boolean + description: Whether the repository is a fork. + - name: url + type: keyword + description: The URL to get more information about the repository from the GitHub API. + - name: owner + type: group + description: Represents an owner of the repository. Owner could be an Organization or User. + fields: + - name: name + type: keyword + description: Name of repository owner. + - name: email + type: keyword + description: The public email of repository owner. + - name: login + type: keyword + description: Login username of repository owner. + - name: id + type: integer + description: ID of the repository owner. + - name: url + type: keyword + description: The URL to get more information about the repository owner from the GitHub API. + - name: html_url + type: keyword + description: The HTTP URL for the repository owner. + - name: type + type: keyword + description: The type of the repository owner. Example - User. 
diff --git a/packages/github/elasticsearch/transform/latest_secret_scanning/manifest.yml b/packages/github/elasticsearch/transform/latest_secret_scanning/manifest.yml
new file mode 100644
index 000000000000..24e9e9267935
--- /dev/null
+++ b/packages/github/elasticsearch/transform/latest_secret_scanning/manifest.yml
@@ -0,0 +1,11 @@
+start: true
+destination_index_template:
+ mappings:
+ dynamic: true
+ dynamic_templates:
+ - strings_as_keyword:
+ match_mapping_type: string
+ mapping:
+ ignore_above: 1024
+ type: keyword
+ date_detection: true
diff --git a/packages/github/elasticsearch/transform/latest_secret_scanning/transform.yml b/packages/github/elasticsearch/transform/latest_secret_scanning/transform.yml
new file mode 100644
index 000000000000..10a2a1aabc20
--- /dev/null
+++ b/packages/github/elasticsearch/transform/latest_secret_scanning/transform.yml
@@ -0,0 +1,42 @@
+# Use of "*" to use all namespaces defined.
+source:
+ index:
+ - "logs-github.secret_scanning-*"
+# The version suffix on the dest.index should be incremented if a breaking
+# change is made to the index mapping. You must also bump the
+# fleet_transform_version for any change to this transform configuration to
+# take effect. The old destination index is not automatically removed. We are
+# dependent on https://github.com/elastic/package-spec/issues/523 to give us
+# that ability in order to prevent having duplicate data and prevent query
+# time field type conflicts.
+dest:
+ index: "logs-github_latest.dest_secret_scanning-1"
+ aliases:
+ - alias: "logs-github_latest.secret_scanning"
+ move_on_creation: true
+latest:
+ unique_key:
+ - github.repository.owner.login
+ - github.repository.name
+ - github.secret_scanning.number
+ - github.secret_scanning.created_at
+ sort: "event.ingested"
+description: >-
+ Latest Secret Scanning Alerts from Github's Secret Scanning. As secret scanning alerts get updated, this transform stores only the latest state of each secret scanning alert inside the destination index. Thus the transform's destination index contains only the latest state of the alerts.
+frequency: 30s
+settings:
+ # This is required to prevent the transform from clobbering the Fleet-managed mappings.
+ deduce_mappings: false
+ unattended: true
+sync:
+ time:
+ field: "event.ingested"
+ # Updated to 120s because of refresh delay in Serverless. With default 60s,
+ # sometimes transform wouldn't process all documents.
+ delay: 120s
+_meta:
+ managed: false
+ # Bump this version to delete, reinstall, and restart the transform during
+ # package installation.
+ fleet_transform_version: 1.0.0
+ run_as_kibana_system: false
diff --git a/packages/github/kibana/dashboard/github-4da91aa0-12fc-11ed-af77-016e1a977d80.json b/packages/github/kibana/dashboard/github-4da91aa0-12fc-11ed-af77-016e1a977d80.json
index f863b8dfd5a1..016489031e79 100644
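Review bot: The `latest.unique_key` list does not include `data_stream.namespace`, although `source.index` reads `logs-github.secret_scanning-*` across every namespace. If the same repository is collected under two namespaces, the destination index keeps a single document per alert and whichever namespace ingested last wins, so a view filtered by namespace can miss an open secret-scanning alert. If namespaces are meant to stay separate, add `- data_stream.namespace` to `unique_key`; otherwise a comment saying the collapse is intended would help. The `description` also spells the product "Github's" while this commit normalizes the README to "GitHub".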
--- a/packages/github/kibana/dashboard/github-4da91aa0-12fc-11ed-af77-016e1a977d80.json
+++ b/packages/github/kibana/dashboard/github-4da91aa0-12fc-11ed-af77-016e1a977d80.json
@@ -3,8 +3,64 @@ "controlGroupInput": { "chainingSystem": "HIERARCHICAL", "controlStyle": "oneLine", - "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", - "panelsJSON": "{\"93a8183f-ab74-4636-9f63-9e30c35bfa6b\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.owner.login\",\"title\":\"Owner/Organization\",\"id\":\"93a8183f-ab74-4636-9f63-9e30c35bfa6b\",\"enhancements\":{}}},\"965171e3-e02b-49ff-a2f7-6ddfa5159eee\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.name\",\"title\":\"Repository\",\"id\":\"965171e3-e02b-49ff-a2f7-6ddfa5159eee\",\"enhancements\":{}}},\"8fb8d319-c120-4bcb-849d-6d45f3f5406a\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.state\",\"title\":\"State\",\"id\":\"8fb8d319-c120-4bcb-849d-6d45f3f5406a\",\"enhancements\":{}}},\"3d506940-8d8f-4f4f-8fa8-5ac070d1dc36\":{\"order\":3,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.severity\",\"title\":\"Severity\",\"id\":\"3d506940-8d8f-4f4f-8fa8-5ac070d1dc36\",\"enhancements\":{}}}}" + "ignoreParentSettingsJSON": { + "ignoreFilters": false, + "ignoreQuery": false, + "ignoreTimerange": false, + "ignoreValidations": false + }, + "panelsJSON": { + "3d506940-8d8f-4f4f-8fa8-5ac070d1dc36": { + "explicitInput": { + "enhancements": {}, + "fieldName": "github.code_scanning.rule.security_severity_level", + "id": "3d506940-8d8f-4f4f-8fa8-5ac070d1dc36", + "searchTechnique": "prefix", + "title": "Severity" + }, + "grow": true, + "order": 3, + "type": "optionsListControl", + "width": "medium" + }, + "8fb8d319-c120-4bcb-849d-6d45f3f5406a": { + "explicitInput": { + "enhancements": {}, + "fieldName": "github.code_scanning.state", + 
"id": "8fb8d319-c120-4bcb-849d-6d45f3f5406a", + "searchTechnique": "prefix", + "title": "State" + }, + "grow": true, + "order": 2, + "type": "optionsListControl", + "width": "medium" + }, + "93a8183f-ab74-4636-9f63-9e30c35bfa6b": { + "explicitInput": { + "enhancements": {}, + "fieldName": "github.repository.owner.login", + "id": "93a8183f-ab74-4636-9f63-9e30c35bfa6b", + "title": "Owner/Organization" + }, + "grow": true, + "order": 0, + "type": "optionsListControl", + "width": "medium" + }, + "965171e3-e02b-49ff-a2f7-6ddfa5159eee": { + "explicitInput": { + "enhancements": {}, + "fieldName": "github.repository.name", + "id": "965171e3-e02b-49ff-a2f7-6ddfa5159eee", + "title": "Repository" + }, + "grow": true, + "order": 1, + "type": "optionsListControl", + "width": "medium" + } + } }, "description": "", "kibanaSavedObjectMeta": { 
@@ -18,25 +74,60 @@ "alias": "Code Scanning", "disabled": false, "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.action", "negate": false, "params": [ - "code_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { + { + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning" + ], + "type": "phrases", + "value": [ + "github.code_scanning" + ] + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + } + ] + } + } + }, + { + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "logs-*", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { "match_phrase": { - "event.action": "code_scanning" + "labels.is_transform_source": "false" } } - ] - } - } + } + ], + "relation": "AND", + "type": "combined" + }, + "query": {} } ], "query": { 
@@ -53,6 +144,43 @@ "useMargins": true }, "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "fontSize": 12, + "markdown": "**Navigation**\n\n**Github** \n\n- **Audit**\n - [Audit Log Activity](#/dashboard/github-dcee84c0-2059-11ec-8b10-11a4c5e322a0)\n - [User Change Audit](#/dashboard/github-8bfd8310-205c-11ec-8b10-11a4c5e322a0)\n- **Github Advanced Security**\n - [Advanced Security Overview](#/dashboard/github-6a6d7c40-17ab-11ed-809a-7b4be950fe9c)\n - [**Code Scanning (This Page)**](#/dashboard/github-4da91aa0-12fc-11ed-af77-016e1a977d80)\n - [Secret Scanning](#/dashboard/github-591d69e0-17b6-11ed-809a-7b4be950fe9c)\n - [Dependabot](#/dashboard/github-6197be80-220c-11ed-88c4-e3caca48250a)\n- [Issues](#/dashboard/github-f0104680-ae18-11ed-83fa-df5d96a45724)\n\n**Overview**\nThis dashboard provides an overview of the alerts ingested from Github Code Scanning.\n\nThe dashboard provides details on code scanning alerts that are open and resolved. It deep-dives into the top 10 repositories where code scanning alerts are found. It also calculates the mean-time to resolve (or dismiss) an open code scanning alert. The dashboard presents a view of alerts by severity and code scanning rules defining the alerts. Finally, it gives a layout of top users resolving the code scanning alerts.\n\n[**Integrations Page**](/app/integrations/detail/github/overview)", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + } + }, + "gridData": { + "h": 29, + "i": "bccec7c9-4db6-4cbf-96e7-eabf5a791af0", + "w": 10, + "x": 0, + "y": 0 + }, + "panelIndex": "bccec7c9-4db6-4cbf-96e7-eabf5a791af0", + "title": "Table of Contents", + "type": "visualization" + }, { "embeddableConfig": { "attributes": { 
@@ -65,11 +193,17 @@ }, { "id": "logs-*", - "name": "2c60b75b-1f6f-4bee-8a9c-6b7fdcbc905e", + "name": "4f9f826a-a1a6-454a-a27e-1dcbdb3a2dd4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "577b815d-0e9c-46b7-a0e9-d43d604ee84b", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -104,13 +238,16 @@ "meta": { "alias": null, "disabled": false, - "index": "2c60b75b-1f6f-4bee-8a9c-6b7fdcbc905e", + "index": "4f9f826a-a1a6-454a-a27e-1dcbdb3a2dd4", "key": "data_stream.dataset", "negate": false, "params": [ "github.code_scanning" ], - "type": "phrases" + "type": "phrases", + "value": [ + "github.code_scanning" + ] }, "query": { "bool": { @@ -124,35 +261,57 @@ ] } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "577b815d-0e9c-46b7-a0e9-d43d604ee84b", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" }, "visualization": { - "accessor": "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212", + "color": "#6092C0", "layerId": "3f8b858f-a1ee-4d69-a100-d59282acd94d", "layerType": "data", - "textAlign": "center", - "titlePosition": "top" + "metricAccessor": "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212" } }, "title": "Total Alerts Created [GitHub Code Scanning]", - "visualizationType": "lnsLegacyMetric" + "type": "lens", + "visualizationType": "lnsMetric" }, "enhancements": {} }, "gridData": { "h": 5, "i": "dc15f49d-29b1-4e2e-8787-51ffbab5b4ac", - "w": 14, - "x": 0, + "w": 11, + "x": 10, "y": 0 }, "panelIndex": "dc15f49d-29b1-4e2e-8787-51ffbab5b4ac", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { 
@@ -166,11 +325,17 @@ }, { "id": "logs-*", - "name": "4fa3d8de-226f-4ff3-ab95-b9167e6ff115", + "name": "1bf4d7b4-41e4-44e2-98d4-a145d7509f7b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b5fecfee-86fa-4a82-ba13-cafa5517a8e4", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -195,7 +360,7 @@ "decimals": 2 } }, - "formula": "count()/count(kql='github.state:dismissed')", + "formula": "count()/count(kql='NOT github.code_scanning.state:open')", "isFormulaBroken": false }, "references": [ @@ -207,7 +372,7 @@ "customLabel": true, "dataType": "number", "isBucketed": false, - "label": "Part of Resolved/Dismissed Alerts", + "label": "Part of Alerts Found/Fixed Ratio", "operationType": "count", "params": { "emptyAsNull": false @@ -220,10 +385,10 @@ "dataType": "number", "filter": { "language": "kuery", - "query": "github.state:dismissed" + "query": "NOT github.code_scanning.state:open" }, "isBucketed": false, - "label": "Part of Resolved/Dismissed Alerts", + "label": "Part of Alerts Found/Fixed Ratio", "operationType": "count", "params": { "emptyAsNull": false @@ -235,7 +400,7 @@ "customLabel": true, "dataType": "number", "isBucketed": false, - "label": "Part of Resolved/Dismissed Alerts", + "label": "Part of Alerts Found/Fixed Ratio", "operationType": "math", "params": { "tinymathAst": { @@ -244,11 +409,11 @@ "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1" ], "location": { - "max": 43, + "max": 56, "min": 0 }, "name": "divide", - "text": "count()/count(kql='github.state:dismissed')", + "text": "count()/count(kql='NOT github.code_scanning.state:open')", "type": "function" } }, 
@@ -272,13 +437,16 @@ "meta": { "alias": null, "disabled": false, - "index": "4fa3d8de-226f-4ff3-ab95-b9167e6ff115", + "index": "1bf4d7b4-41e4-44e2-98d4-a145d7509f7b", "key": "data_stream.dataset", "negate": false, "params": [ "github.code_scanning" ], - "type": "phrases" + "type": "phrases", + "value": [ + "github.code_scanning" + ] }, "query": { "bool": { @@ -292,22 +460,45 @@ ] } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "b5fecfee-86fa-4a82-ba13-cafa5517a8e4", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" }, "visualization": { - "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "colorMode": "None", + "color": "#6092C0", "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", "layerType": "data", - "textAlign": "center" + "metricAccessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e" } }, "title": "Alerts Found/Fixed Ratio [GitHub Code Scanning]", - "visualizationType": "lnsLegacyMetric" + "type": "lens", + "visualizationType": "lnsMetric" }, "enhancements": {}, "hidePanelTitles": false @@ -315,13 +506,12 @@ "gridData": { "h": 5, "i": "85cbbb74-4d3c-44e0-98f6-be076e31aea3", - "w": 14, - "x": 14, + "w": 11, + "x": 21, "y": 0 }, "panelIndex": "85cbbb74-4d3c-44e0-98f6-be076e31aea3", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { 
@@ -335,41 +525,76 @@ }, { "id": "logs-*", - "name": "5b02c858-e981-4dc4-a3bc-1d563549180a", + "name": "915716e4-324e-4217-853a-1ca266dc4515", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a45a8e01-295d-4165-a070-248d94ab7356", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { "cbc5557e-f6b9-4140-90b2-3100f33083c4": { "columnOrder": [ "3ef214a7-820c-42e3-b2b0-5daa7566fedc", + "344cef17-99d0-482a-94eb-0c407ef3ab93", "4525c4ae-5f82-4b4d-9867-48e4aba462fd" ], "columns": { - "3ef214a7-820c-42e3-b2b0-5daa7566fedc": { - "customLabel": true, + "344cef17-99d0-482a-94eb-0c407ef3ab93": { "dataType": "string", "isBucketed": true, - "label": "Open vs Resolved", + "label": "Top 10 values of github.code_scanning.state", "operationType": "terms", "params": { + "exclude": [], + "excludeIsRegex": false, + "include": [], + "includeIsRegex": false, "missingBucket": false, "orderBy": { "columnId": "4525c4ae-5f82-4b4d-9867-48e4aba462fd", "type": "column" }, "orderDirection": "desc", - "otherBucket": false, + "otherBucket": true, "parentFormat": { "id": "terms" }, "size": 10 }, "scale": "ordinal", - "sourceField": "github.code_scanning.most_recent_instance.state" + "sourceField": "github.code_scanning.state" + }, + "3ef214a7-820c-42e3-b2b0-5daa7566fedc": { + "dataType": "string", + "isBucketed": true, + "label": "Filters", + "operationType": "filters", + "params": { + "filters": [ + { + "input": { + "language": "kuery", + "query": "NOT \"github.code_scanning.state\" : \"open\" " + }, + "label": "Resolved" + }, + { + "input": { + "language": "kuery", + "query": "\"github.code_scanning.state\" : \"open\" " + }, + "label": "Open" + } + ] + }, + "scale": "ordinal" }, "4525c4ae-5f82-4b4d-9867-48e4aba462fd": { "dataType": "number", 
@@ -396,7 +621,7 @@ "meta": { "alias": null, "disabled": false, - "index": "5b02c858-e981-4dc4-a3bc-1d563549180a", + "index": "915716e4-324e-4217-853a-1ca266dc4515", "key": "data_stream.dataset", "negate": false, "params": { @@ -409,8 +634,31 @@ "data_stream.dataset": "github.code_scanning" } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "a45a8e01-295d-4165-a070-248d94ab7356", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -430,6 +678,7 @@ "nestedLegend": false, "numberDisplay": "percent", "primaryGroups": [ + "344cef17-99d0-482a-94eb-0c407ef3ab93", "3ef214a7-820c-42e3-b2b0-5daa7566fedc" ], "truncateLegend": true @@ -443,6 +692,7 @@ } }, "title": "Open vs Resolved/Dismissed [GitHub Code Scanning]", + "type": "lens", "visualizationType": "lnsPie" }, "enhancements": {} @@ -450,13 +700,13 @@ "gridData": { "h": 15, "i": "1b501988-f932-4d80-8625-d2a1c8cd7321", - "w": 20, - "x": 28, + "w": 16, + "x": 32, "y": 0 }, "panelIndex": "1b501988-f932-4d80-8625-d2a1c8cd7321", - "type": "lens", - "version": "8.7.1" + "title": "Open vs Resolved [GitHub Code Scanning]", + "type": "lens" }, { "embeddableConfig": { @@ -470,16 +720,22 @@ }, { "id": "logs-*", - "name": "5d417c98-6b80-42b4-9183-15bf539c9c46", + "name": "87d715bf-83d4-4de3-a487-a76b1e2ca6e3", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "01474a2e-8654-4bd4-9538-0f4d090114cc", "type": "index-pattern" }, { "id": "logs-*", - "name": "c10f8d54-f8a4-45cf-8c17-527a0b914e14", + "name": "faba399d-2f59-4416-95ec-79e360fa6ecf", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { 
@@ -520,13 +776,16 @@ "meta": { "alias": null, "disabled": false, - "index": "5d417c98-6b80-42b4-9183-15bf539c9c46", + "index": "87d715bf-83d4-4de3-a487-a76b1e2ca6e3", "key": "data_stream.dataset", "negate": false, "params": [ "github.code_scanning" ], - "type": "phrases" + "type": "phrases", + "value": [ + "github.code_scanning" + ] }, "query": { "bool": { @@ -548,7 +807,7 @@ "meta": { "alias": null, "disabled": false, - "index": "c10f8d54-f8a4-45cf-8c17-527a0b914e14", + "index": "01474a2e-8654-4bd4-9538-0f4d090114cc", "key": "github.code_scanning.state", "negate": false, "params": { 
@@ -561,78 +820,57 @@ "github.code_scanning.state": "open" } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "faba399d-2f59-4416-95ec-79e360fa6ecf", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" }, "visualization": { - "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "colorMode": "Labels", + "color": "#E7664C", "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", "layerType": "data", - "palette": { - "name": "custom", - "params": { - "colorStops": [ - { - "color": "#209280", - "stop": 0 - }, - { - "color": "#d6bf57", - "stop": 1 - }, - { - "color": "#cc5642", - "stop": 1000 - } - ], - "continuity": "above", - "maxSteps": 5, - "name": "custom", - "progression": "fixed", - "rangeMax": null, - "rangeMin": 0, - "rangeType": "number", - "reverse": false, - "steps": 3, - "stops": [ - { - "color": "#209280", - "stop": 1 - }, - { - "color": "#d6bf57", - "stop": 1000 - }, - { - "color": "#cc5642", - "stop": 1001 - } - ] - }, - "type": "palette" - }, - "textAlign": "center" + "metricAccessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e" } }, "title": "Open Alerts Count [GitHub Code Scanning]", - "visualizationType": "lnsLegacyMetric" + "type": "lens", + "visualizationType": "lnsMetric" }, "enhancements": {} }, "gridData": { "h": 5, "i": "12c18b92-9f7b-4832-b85f-aad64720ea87", - "w": 14, - "x": 0, + "w": 11, + "x": 10, "y": 5 }, "panelIndex": "12c18b92-9f7b-4832-b85f-aad64720ea87", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { 
@@ -646,16 +884,22 @@ }, { "id": "logs-*", - "name": "1d49d476-9ca6-44e0-8501-35c7f63ed984", + "name": "eb3e000c-55e8-47ff-b181-6b8be83eee8c", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "56259762-bbfa-4247-b64a-4626e17fdc23", "type": "index-pattern" }, { "id": "logs-*", - "name": "a0505379-6e67-41c4-b3c8-b7e6bd3efa7d", + "name": "3018b8f7-a894-40ef-a2d1-9f7982481e41", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -690,7 +934,7 @@ "meta": { "alias": null, "disabled": false, - "index": "1d49d476-9ca6-44e0-8501-35c7f63ed984", + "index": "eb3e000c-55e8-47ff-b181-6b8be83eee8c", "key": "data_stream.dataset", "negate": false, "params": { @@ -711,7 +955,7 @@ "meta": { "alias": null, "disabled": false, - "index": "a0505379-6e67-41c4-b3c8-b7e6bd3efa7d", + "index": "56259762-bbfa-4247-b64a-4626e17fdc23", "key": "github.code_scanning.time_to_resolution.sec", "negate": false, "type": "exists", 
@@ -722,22 +966,45 @@ "field": "github.code_scanning.time_to_resolution.sec" } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "3018b8f7-a894-40ef-a2d1-9f7982481e41", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" }, "visualization": { - "accessor": "e33d2853-5b3d-4be9-9312-2d8da64d9523", - "colorMode": "None", + "color": "#6092C0", "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", "layerType": "data", - "textAlign": "center" + "metricAccessor": "e33d2853-5b3d-4be9-9312-2d8da64d9523" } }, "title": "Mean Time to Resolution [GitHub Code Scanning]", - "visualizationType": "lnsLegacyMetric" + "type": "lens", + "visualizationType": "lnsMetric" }, "enhancements": {}, "hidePanelTitles": false @@ -745,14 +1012,13 @@ "gridData": { "h": 5, "i": "7131e4d3-c168-480d-9496-1463ceaaa97a", - "w": 14, - "x": 14, + "w": 11, + "x": 21, "y": 5 }, "panelIndex": "7131e4d3-c168-480d-9496-1463ceaaa97a", "title": "Mean Time To Resolution [GitHub Code Scanning]", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { @@ -766,16 +1032,12 @@ }, { "id": "logs-*", - "name": "bff2e3f5-8f9b-49f4-ba88-b0e937089c2f", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "960abe90-416f-4075-aaef-2cc0a3af1707", + "name": "0995144d-5a44-4cf1-8d9e-e42a60a9534d", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -789,7 +1051,7 @@ "customLabel": true, "dataType": "number", "isBucketed": false, - "label": "Resolved/Dismissed Alerts", + "label": "Resolved (Dismissed or Fixed) Alerts", "operationType": "formula", "params": { "format": { 
@@ -810,7 +1072,7 @@ "customLabel": true, "dataType": "number", "isBucketed": false, - "label": "Part of Dismissed Alerts", + "label": "Part of Resolved (Dismissed or Fixed) Alerts", "operationType": "count", "params": { "emptyAsNull": false @@ -832,7 +1094,29 @@ "meta": { "alias": null, "disabled": false, - "index": "bff2e3f5-8f9b-49f4-ba88-b0e937089c2f", + "field": "github.code_scanning.state", + "index": "0995144d-5a44-4cf1-8d9e-e42a60a9534d", + "key": "github.code_scanning.state", + "negate": true, + "params": { + "query": "open" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "github.code_scanning.state": "open" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "cc12dc98-34d8-449e-b418-b4c4ef8b297e", "key": "data_stream.dataset", "negate": false, "params": [ 
@@ -860,77 +1144,37 @@ "meta": { "alias": null, "disabled": false, - "index": "960abe90-416f-4075-aaef-2cc0a3af1707", - "key": "github.state", + "field": "labels.is_transform_source", + "index": "dd3602c0-a608-46ad-b10e-b56d2a09d155", + "key": "labels.is_transform_source", "negate": false, - "params": [ - "dismissed", - "resolved" - ], - "type": "phrases" + "params": { + "query": "false" + }, + "type": "phrase" }, "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "github.state": "dismissed" - } - }, - { - "match_phrase": { - "github.state": "resolved" - } - } - ] + "match_phrase": { + "labels.is_transform_source": "false" } } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" }, "visualization": { - "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "colorMode": "Labels", + "color": "#54B399", "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", "layerType": "data", - "palette": { - "name": "positive", - "params": { - "continuity": "above", - "maxSteps": 5, - "name": "positive", - "progression": "fixed", - "rangeMax": null, - "rangeMin": 0, - "rangeType": "number", - "reverse": false, - "steps": 3, - "stops": [ - { - "color": "#bbdad3", - "stop": 0 - }, - { - "color": "#77b6a8", - "stop": 8 - }, - { - "color": "#209280", - "stop": 16 - } - ] - }, - "type": "palette" - }, - "textAlign": "center" + "metricAccessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e" } }, "title": "Resolved/Dismissed Alerts Count [GitHub Code Scanning]", - "visualizationType": "lnsLegacyMetric" + "type": "lens", + "visualizationType": "lnsMetric" }, "enhancements": {}, "hidePanelTitles": false 
@@ -938,13 +1182,13 @@ "gridData": { "h": 5, "i": "c3e8ea64-b6f9-470c-9004-02f8909672eb", - "w": 14, - "x": 0, + "w": 11, + "x": 10, "y": 10 }, "panelIndex": "c3e8ea64-b6f9-470c-9004-02f8909672eb", - "type": "lens", - "version": "8.7.1" + "title": "Resolved (Dismissed) Alerts Count [GitHub Code Scanning]", + "type": "lens" }, { "embeddableConfig": { @@ -955,14 +1199,10 @@ "id": "logs-*", "name": "indexpattern-datasource-layer-d8a21374-4117-4796-96e2-ecd47f2babd2", "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "2ce8a419-debd-4a37-85e6-c7b49e61604f", - "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -993,7 +1233,7 @@ "customLabel": true, "dataType": "number", "isBucketed": false, - "label": "Part of Ratio between the alerts and the number of commits generated", + "label": "Part of Ratio between the alerts generated and the number of commits", "operationType": "count", "params": { "emptyAsNull": false @@ -1005,7 +1245,7 @@ "customLabel": true, "dataType": "number", "isBucketed": false, - "label": "Part of Ratio between the alerts and the number of commits generated", + "label": "Part of Ratio between the alerts generated and the number of commits", "operationType": "unique_count", "params": { "emptyAsNull": false @@ -1017,7 +1257,7 @@ "customLabel": true, "dataType": "number", "isBucketed": false, - "label": "Part of Ratio between the alerts and the number of commits generated", + "label": "Part of Ratio between the alerts generated and the number of commits", "operationType": "math", "params": { "tinymathAst": { @@ -1054,7 +1294,7 @@ "meta": { "alias": null, "disabled": false, - "index": "2ce8a419-debd-4a37-85e6-c7b49e61604f", + "index": "36d42660-8f01-4072-b742-11bb325ae59e", "key": "data_stream.dataset", "negate": false, "params": [ 
@@ -1074,34 +1314,57 @@ ] } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "1bf86065-506d-4303-ae83-fe605d1ec862", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" }, "visualization": { - "accessor": "c96796ed-ded2-4cb6-9e7d-4ffbc1def264", + "color": "#6092C0", "layerId": "d8a21374-4117-4796-96e2-ecd47f2babd2", "layerType": "data", - "textAlign": "center" + "metricAccessor": "c96796ed-ded2-4cb6-9e7d-4ffbc1def264" } }, "title": "Alert/Commit Ratio [GitHub Code Scanning]", - "visualizationType": "lnsLegacyMetric" + "type": "lens", + "visualizationType": "lnsMetric" }, "enhancements": {} }, "gridData": { "h": 5, "i": "46dc58eb-4994-442d-a6b4-4b3699b74bf1", - "w": 14, - "x": 14, + "w": 11, + "x": 21, "y": 10 }, "panelIndex": "46dc58eb-4994-442d-a6b4-4b3699b74bf1", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { @@ -1115,11 +1378,17 @@ }, { "id": "logs-*", - "name": "1d50dadb-a088-4e8b-842f-8d84e6378658", + "name": "903f820f-b968-4bbc-b978-f6b07e54b01d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "dc3374b1-bd6c-412a-8d85-598da79fc886", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -1218,13 +1487,16 @@ "meta": { "alias": null, "disabled": false, - "index": "1d50dadb-a088-4e8b-842f-8d84e6378658", + "index": "903f820f-b968-4bbc-b978-f6b07e54b01d", "key": "data_stream.dataset", "negate": false, "params": [ "github.code_scanning" ], - "type": "phrases" + "type": "phrases", + "value": [ + "github.code_scanning" + ] }, "query": { "bool": { 
@@ -1238,8 +1510,31 @@ ] } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "dc3374b1-bd6c-412a-8d85-598da79fc886", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -1294,20 +1589,20 @@ } }, "title": "Alerts count by owner and by repository [GitHub Code Scanning]", + "type": "lens", "visualizationType": "lnsXY" }, "enhancements": {} }, "gridData": { - "h": 12, + "h": 14, "i": "9a3577e8-d452-46cc-b2dd-9424ec80c871", - "w": 25, - "x": 0, + "w": 18, + "x": 10, "y": 15 }, "panelIndex": "9a3577e8-d452-46cc-b2dd-9424ec80c871", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { @@ -1321,11 +1616,17 @@ }, { "id": "logs-*", - "name": "63aad513-3506-45e9-8c13-d2ee49f689ab", + "name": "f355e045-27f2-49ca-8115-db85848e0835", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ecf608a4-cf24-41d1-ac5d-d69a53c7a181", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -1404,13 +1705,16 @@ "meta": { "alias": null, "disabled": false, - "index": "63aad513-3506-45e9-8c13-d2ee49f689ab", + "index": "f355e045-27f2-49ca-8115-db85848e0835", "key": "data_stream.dataset", "negate": false, "params": [ "github.code_scanning" ], - "type": "phrases" + "type": "phrases", + "value": [ + "github.code_scanning" + ] }, "query": { "bool": { 
@@ -1424,8 +1728,31 @@ ] } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "ecf608a4-cf24-41d1-ac5d-d69a53c7a181", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -1452,22 +1779,22 @@ } }, "title": "Aerts % by owner and by repository [GitHub Code Scanning]", + "type": "lens", "visualizationType": "lnsPie" }, "enhancements": {}, "hidePanelTitles": false }, "gridData": { - "h": 12, + "h": 14, "i": "ae814e70-2e8e-43df-b62e-e32d1c26f676", - "w": 23, - "x": 25, + "w": 20, + "x": 28, "y": 15 }, "panelIndex": "ae814e70-2e8e-43df-b62e-e32d1c26f676", "title": "Alerts % by owner and by repository [GitHub Code Scanning]", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { @@ -1481,11 +1808,17 @@ }, { "id": "logs-*", - "name": "14d80078-f238-406f-9a34-bae0f8616bc0", + "name": "95a606ae-be95-433b-bf8d-1b66b77e4838", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c0a409ec-0fbc-4a06-98d1-e3c5c5e0a20e", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -1543,7 +1876,7 @@ "meta": { "alias": null, "disabled": false, - "index": "14d80078-f238-406f-9a34-bae0f8616bc0", + "index": "95a606ae-be95-433b-bf8d-1b66b77e4838", "key": "data_stream.dataset", "negate": false, "params": { 
@@ -1556,8 +1889,31 @@ "data_stream.dataset": "github.code_scanning" } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "c0a409ec-0fbc-4a06-98d1-e3c5c5e0a20e", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -1610,6 +1966,7 @@ } }, "title": "Tool Contribution Count [GitHub Code Scanning]", + "type": "lens", "visualizationType": "lnsXY" }, "enhancements": {}, @@ -1620,12 +1977,11 @@ "i": "4e77167a-4642-4cbb-8430-2197e2f31666", "w": 14, "x": 0, - "y": 27 + "y": 29 }, "panelIndex": "4e77167a-4642-4cbb-8430-2197e2f31666", "title": "Tool Contribution [GitHub Code Scanning]", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { @@ -1639,11 +1995,17 @@ }, { "id": "logs-*", - "name": "e696efc1-4a91-44d3-ad68-618f00d80703", + "name": "5e629040-5058-44e9-a2d4-50b6b12b26b3", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8d95ae92-0ad4-4159-9b73-342269046443", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -1699,7 +2061,7 @@ "meta": { "alias": null, "disabled": false, - "index": "e696efc1-4a91-44d3-ad68-618f00d80703", + "index": "5e629040-5058-44e9-a2d4-50b6b12b26b3", "key": "data_stream.dataset", "negate": false, "params": { 
@@ -1712,8 +2074,31 @@ "data_stream.dataset": "github.code_scanning" } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "8d95ae92-0ad4-4159-9b73-342269046443", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -1743,6 +2128,7 @@ } }, "title": "Tool Contribution [GitHub Code Scanning]", + "type": "lens", "visualizationType": "lnsPie" }, "enhancements": {} @@ -1752,11 +2138,10 @@ "i": "5135da2a-0093-4b71-a35a-c2b8877d22dd", "w": 11, "x": 14, - "y": 27 + "y": 29 }, "panelIndex": "5135da2a-0093-4b71-a35a-c2b8877d22dd", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { @@ -1770,11 +2155,17 @@ }, { "id": "logs-*", - "name": "a9c37a5a-574a-411d-9420-2e53045288f3", + "name": "041d7614-e610-4b2c-906d-482f8252ef40", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "dc24aa1e-1b5b-483d-8f9a-2501d614ae75", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -1845,7 +2236,7 @@ "meta": { "alias": null, "disabled": false, - "index": "a9c37a5a-574a-411d-9420-2e53045288f3", + "index": "041d7614-e610-4b2c-906d-482f8252ef40", "key": "data_stream.dataset", "negate": false, "params": { 
@@ -1858,8 +2249,31 @@ "data_stream.dataset": "github.code_scanning" } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "dc24aa1e-1b5b-483d-8f9a-2501d614ae75", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -1914,6 +2328,7 @@ } }, "title": "Daily Tool Contribution [GitHub Code Scanning]", + "type": "lens", "visualizationType": "lnsXY" }, "enhancements": {}, @@ -1924,11 +2339,10 @@ "i": "7a3f8c53-407b-4862-9dc3-10dccfe06426", "w": 23, "x": 25, - "y": 27 + "y": 29 }, "panelIndex": "7a3f8c53-407b-4862-9dc3-10dccfe06426", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { @@ -1942,11 +2356,17 @@ }, { "id": "logs-*", - "name": "c1f5c308-cb41-49d7-9d2b-034ddea6eec8", + "name": "0a43e606-a685-43a6-b9f0-236efc099835", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ad5332c2-6db1-4b9c-a373-3da51344172d", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -1989,7 +2409,7 @@ "size": 10 }, "scale": "ordinal", - "sourceField": "github.severity" + "sourceField": "github.code_scanning.rule.security_severity_level" } }, "incompleteColumns": {} @@ -2005,7 +2425,7 @@ "meta": { "alias": null, "disabled": false, - "index": "c1f5c308-cb41-49d7-9d2b-034ddea6eec8", + "index": "0a43e606-a685-43a6-b9f0-236efc099835", "key": "data_stream.dataset", "negate": false, "params": { 
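Review bot: Switching the terms column in the `-1989,7` hunk to `"sourceField": "github.code_scanning.rule.security_severity_level"` narrows the "Alert Severity Count" panel to alerts whose rule has a security severity; GitHub's code scanning API leaves that value empty for rules that only have a general severity. The column's params are outside this hunk, but the same swap in the `-2257,7` hunk further down sits next to `"missingBucket": false`, which would drop such alerts from the chart rather than show them as their own bucket. The same field change is made for "Alert Severity %" and "Daily Alerts Count by Severity". If alerts without a security severity should stay visible, set `"missingBucket": true` on these terms columns.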
@@ -2018,8 +2438,31 @@ "data_stream.dataset": "github.code_scanning" } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "ad5332c2-6db1-4b9c-a373-3da51344172d", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -2074,6 +2517,7 @@ } }, "title": "Alert Severity Count [GitHub Code Scanning]", + "type": "lens", "visualizationType": "lnsXY" }, "enhancements": {}, @@ -2084,11 +2528,10 @@ "i": "9653b170-7606-461f-9ac4-bf58547f30db", "w": 14, "x": 0, - "y": 40 + "y": 42 }, "panelIndex": "9653b170-7606-461f-9ac4-bf58547f30db", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { @@ -2102,11 +2545,17 @@ }, { "id": "logs-*", - "name": "3ad0255d-c017-4880-b3dd-d60cb17375c1", + "name": "eac4b05e-e29d-4e50-b786-80a5500c0a36", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5b506618-3341-4179-bc0e-052693412f3f", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -2149,7 +2598,7 @@ "size": 10 }, "scale": "ordinal", - "sourceField": "github.severity" + "sourceField": "github.code_scanning.rule.security_severity_level" } }, "incompleteColumns": {} @@ -2165,7 +2614,7 @@ "meta": { "alias": null, "disabled": false, - "index": "3ad0255d-c017-4880-b3dd-d60cb17375c1", + "index": "eac4b05e-e29d-4e50-b786-80a5500c0a36", "key": "data_stream.dataset", "negate": false, "params": { 
@@ -2178,8 +2627,31 @@ "data_stream.dataset": "github.code_scanning" } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "5b506618-3341-4179-bc0e-052693412f3f", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -2211,6 +2683,7 @@ } }, "title": "Alert Severity % [GitHub Code Scanning]", + "type": "lens", "visualizationType": "lnsPie" }, "enhancements": {}, @@ -2221,11 +2694,10 @@ "i": "563a073c-7de0-4095-b0ac-127caed562f2", "w": 11, "x": 14, - "y": 40 + "y": 42 }, "panelIndex": "563a073c-7de0-4095-b0ac-127caed562f2", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { @@ -2239,11 +2711,17 @@ }, { "id": "logs-*", - "name": "8a760085-cbc8-4b89-8401-4eb7f686cc80", + "name": "fb15893b-7148-40a7-bf74-186fa26f5130", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "56dae885-8ab2-4ec1-9683-5bf6ee7075d8", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -2257,7 +2735,7 @@ "00866684-5176-499e-9517-eff9e9102155": { "dataType": "string", "isBucketed": true, - "label": "Top 10 values of github.severity", + "label": "Top 10 values of github.code_scanning.rule.security_severity_level", "operationType": "terms", "params": { "missingBucket": false, @@ -2274,7 +2752,7 @@ "size": 10 }, "scale": "ordinal", - "sourceField": "github.severity" + "sourceField": "github.code_scanning.rule.security_severity_level" }, "257a7d8d-1315-4775-97d9-e679c0f3aa79": { "dataType": "date", 
@@ -2315,7 +2793,7 @@ "meta": { "alias": null, "disabled": false, - "index": "8a760085-cbc8-4b89-8401-4eb7f686cc80", + "index": "fb15893b-7148-40a7-bf74-186fa26f5130", "key": "data_stream.dataset", "negate": false, "params": { @@ -2328,8 +2806,31 @@ "data_stream.dataset": "github.code_scanning" } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "56dae885-8ab2-4ec1-9683-5bf6ee7075d8", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -2384,6 +2885,7 @@ } }, "title": "Daily Alerts Count by Severity [GitHub Code Scanning]", + "type": "lens", "visualizationType": "lnsXY" }, "enhancements": {}, @@ -2394,11 +2896,10 @@ "i": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5", "w": 23, "x": 25, - "y": 40 + "y": 42 }, "panelIndex": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { @@ -2412,11 +2913,17 @@ }, { "id": "logs-*", - "name": "d3c21fb5-7785-4c13-b684-0eebfa9a8ea9", + "name": "92144d94-751b-4037-a865-6ee7c6521f4a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3e2c9216-55ba-4fd2-beea-0adf8b281672", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -2474,7 +2981,7 @@ "meta": { "alias": null, "disabled": false, - "index": "d3c21fb5-7785-4c13-b684-0eebfa9a8ea9", + "index": "92144d94-751b-4037-a865-6ee7c6521f4a", "key": "data_stream.dataset", "negate": false, "params": { 
@@ -2487,8 +2994,31 @@ "data_stream.dataset": "github.code_scanning" } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "3e2c9216-55ba-4fd2-beea-0adf8b281672", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -2543,6 +3073,7 @@ } }, "title": "Rule Severity [GitHub Code Scanning]", + "type": "lens", "visualizationType": "lnsXY" }, "enhancements": {} @@ -2552,11 +3083,10 @@ "i": "c8b71fb6-3611-4788-a05f-fc9336b277f5", "w": 14, "x": 0, - "y": 53 + "y": 55 }, "panelIndex": "c8b71fb6-3611-4788-a05f-fc9336b277f5", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { @@ -2570,11 +3100,17 @@ }, { "id": "logs-*", - "name": "68463b79-453f-4a36-a9a5-e747691dbbc9", + "name": "02fe5de4-c150-4e77-8c1d-f915f1dd34d7", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "dc642fb7-9919-447f-ab66-93841eb642db", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -2632,7 +3168,7 @@ "meta": { "alias": null, "disabled": false, - "index": "68463b79-453f-4a36-a9a5-e747691dbbc9", + "index": "02fe5de4-c150-4e77-8c1d-f915f1dd34d7", "key": "data_stream.dataset", "negate": false, "params": { 
@@ -2645,8 +3181,31 @@ "data_stream.dataset": "github.code_scanning" } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "dc642fb7-9919-447f-ab66-93841eb642db", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -2699,6 +3258,7 @@ } }, "title": "Top Rules [GitHub Code Scanning]", + "type": "lens", "visualizationType": "lnsXY" }, "enhancements": {} @@ -2708,11 +3268,10 @@ "i": "26c79a62-100e-4eb4-b878-621e2be8570d", "w": 34, "x": 14, - "y": 53 + "y": 55 }, "panelIndex": "26c79a62-100e-4eb4-b878-621e2be8570d", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { @@ -2726,11 +3285,17 @@ }, { "id": "logs-*", - "name": "1fdc2685-af71-4ebd-ad31-9a9f0aa8a12f", + "name": "cfb764b5-f316-4c55-a7b4-1cb1c2dbd10f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "412373e2-29e3-4901-b084-a8bb460d6962", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -2788,7 +3353,7 @@ "meta": { "alias": null, "disabled": false, - "index": "1fdc2685-af71-4ebd-ad31-9a9f0aa8a12f", + "index": "cfb764b5-f316-4c55-a7b4-1cb1c2dbd10f", "key": "data_stream.dataset", "negate": false, "params": { 
@@ -2801,8 +3366,31 @@ "data_stream.dataset": "github.code_scanning" } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "412373e2-29e3-4901-b084-a8bb460d6962", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -2853,6 +3441,7 @@ } }, "title": "Top files [GitHub Code Scanning]", + "type": "lens", "visualizationType": "lnsXY" }, "enhancements": {} @@ -2862,11 +3451,10 @@ "i": "41578b87-d820-42df-92d5-69af2643d793", "w": 36, "x": 0, - "y": 66 + "y": 68 }, "panelIndex": "41578b87-d820-42df-92d5-69af2643d793", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { @@ -2880,11 +3468,17 @@ }, { "id": "logs-*", - "name": "eeb76646-d085-43fb-bad2-e7e78e3470fa", + "name": "349b1a9d-cbb9-4a4a-ae38-4d5d4cf014c8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0f927a88-b7af-4233-a926-00e688bb3dee", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -2942,7 +3536,7 @@ "meta": { "alias": null, "disabled": false, - "index": "eeb76646-d085-43fb-bad2-e7e78e3470fa", + "index": "349b1a9d-cbb9-4a4a-ae38-4d5d4cf014c8", "key": "data_stream.dataset", "negate": false, "params": { 
@@ -2955,8 +3549,31 @@ "data_stream.dataset": "github.code_scanning" } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "0f927a88-b7af-4233-a926-00e688bb3dee", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -3003,6 +3620,7 @@ } }, "title": "Top users dismissing alerts [GitHub Code Scanning]", + "type": "lens", "visualizationType": "lnsXY" }, "enhancements": {} @@ -3012,11 +3630,10 @@ "i": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b", "w": 12, "x": 36, - "y": 66 + "y": 68 }, "panelIndex": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { @@ -3030,11 +3647,17 @@ }, { "id": "logs-*", - "name": "deab5558-7fec-4cfa-b152-24203a046301", + "name": "8277113a-444f-4f28-a100-ccf0bce92b66", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "bd1547b2-217d-44a7-8b23-069a0e68b4c9", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -3082,7 +3705,7 @@ "meta": { "alias": null, "disabled": false, - "index": "deab5558-7fec-4cfa-b152-24203a046301", + "index": "8277113a-444f-4f28-a100-ccf0bce92b66", "key": "data_stream.dataset", "negate": false, "params": { 
@@ -3095,8 +3718,31 @@ "data_stream.dataset": "github.code_scanning" } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "bd1547b2-217d-44a7-8b23-069a0e68b4c9", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -3145,6 +3791,7 @@ } }, "title": "Events Timeline [GitHub Code Scanning]", + "type": "lens", "visualizationType": "lnsXY" }, "enhancements": {} @@ -3154,23 +3801,20 @@ "i": "234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32", "w": 48, "x": 0, - "y": 81 + "y": 83 }, "panelIndex": "234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32", - "type": "lens", - "version": "8.7.1" + "type": "lens" } ], "timeRestore": false, "title": "[GitHub] Code Scanning Alerts", "version": 1 }, - "coreMigrationVersion": "8.7.1", - "created_at": "2023-07-10T01:35:24.333Z", + "coreMigrationVersion": "8.8.0", + "created_at": "2024-10-28T09:53:52.378Z", "id": "github-4da91aa0-12fc-11ed-af77-016e1a977d80", - "migrationVersion": { - "dashboard": "8.7.0" - }, + "managed": false, "references": [ { "id": "logs-*", @@ -3184,7 +3828,12 @@ }, { "id": "logs-*", - "name": "dc15f49d-29b1-4e2e-8787-51ffbab5b4ac:2c60b75b-1f6f-4bee-8a9c-6b7fdcbc905e", + "name": "dc15f49d-29b1-4e2e-8787-51ffbab5b4ac:4f9f826a-a1a6-454a-a27e-1dcbdb3a2dd4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "dc15f49d-29b1-4e2e-8787-51ffbab5b4ac:577b815d-0e9c-46b7-a0e9-d43d604ee84b", "type": "index-pattern" }, { 
@@ -3194,7 +3843,12 @@ }, { "id": "logs-*", - "name": "85cbbb74-4d3c-44e0-98f6-be076e31aea3:4fa3d8de-226f-4ff3-ab95-b9167e6ff115", + "name": "85cbbb74-4d3c-44e0-98f6-be076e31aea3:1bf4d7b4-41e4-44e2-98d4-a145d7509f7b", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "85cbbb74-4d3c-44e0-98f6-be076e31aea3:b5fecfee-86fa-4a82-ba13-cafa5517a8e4", "type": "index-pattern" }, { @@ -3204,7 +3858,12 @@ }, { "id": "logs-*", - "name": "1b501988-f932-4d80-8625-d2a1c8cd7321:5b02c858-e981-4dc4-a3bc-1d563549180a", + "name": "1b501988-f932-4d80-8625-d2a1c8cd7321:915716e4-324e-4217-853a-1ca266dc4515", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1b501988-f932-4d80-8625-d2a1c8cd7321:a45a8e01-295d-4165-a070-248d94ab7356", "type": "index-pattern" }, { @@ -3214,12 +3873,17 @@ }, { "id": "logs-*", - "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:5d417c98-6b80-42b4-9183-15bf539c9c46", + "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:87d715bf-83d4-4de3-a487-a76b1e2ca6e3", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:01474a2e-8654-4bd4-9538-0f4d090114cc", "type": "index-pattern" }, { "id": "logs-*", - "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:c10f8d54-f8a4-45cf-8c17-527a0b914e14", + "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:faba399d-2f59-4416-95ec-79e360fa6ecf", "type": "index-pattern" }, { 
@@ -3229,27 +3893,27 @@ }, { "id": "logs-*", - "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:1d49d476-9ca6-44e0-8501-35c7f63ed984", + "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:eb3e000c-55e8-47ff-b181-6b8be83eee8c", "type": "index-pattern" }, { "id": "logs-*", - "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:a0505379-6e67-41c4-b3c8-b7e6bd3efa7d", + "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:56259762-bbfa-4247-b64a-4626e17fdc23", "type": "index-pattern" }, { "id": "logs-*", - "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:3018b8f7-a894-40ef-a2d1-9f7982481e41", "type": "index-pattern" }, { "id": "logs-*", - "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:bff2e3f5-8f9b-49f4-ba88-b0e937089c2f", + "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", "type": "index-pattern" }, { "id": "logs-*", - "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:960abe90-416f-4075-aaef-2cc0a3af1707", + "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:0995144d-5a44-4cf1-8d9e-e42a60a9534d", "type": "index-pattern" }, { @@ -3259,17 +3923,17 @@ }, { "id": "logs-*", - "name": "46dc58eb-4994-442d-a6b4-4b3699b74bf1:2ce8a419-debd-4a37-85e6-c7b49e61604f", + "name": "9a3577e8-d452-46cc-b2dd-9424ec80c871:indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", "type": "index-pattern" }, { "id": "logs-*", - "name": "9a3577e8-d452-46cc-b2dd-9424ec80c871:indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", + "name": "9a3577e8-d452-46cc-b2dd-9424ec80c871:903f820f-b968-4bbc-b978-f6b07e54b01d", "type": "index-pattern" }, { "id": "logs-*", - "name": "9a3577e8-d452-46cc-b2dd-9424ec80c871:1d50dadb-a088-4e8b-842f-8d84e6378658", + "name": "9a3577e8-d452-46cc-b2dd-9424ec80c871:dc3374b1-bd6c-412a-8d85-598da79fc886", "type": "index-pattern" }, { 
@@ -3279,7 +3943,12 @@ }, { "id": "logs-*", - "name": "ae814e70-2e8e-43df-b62e-e32d1c26f676:63aad513-3506-45e9-8c13-d2ee49f689ab", + "name": "ae814e70-2e8e-43df-b62e-e32d1c26f676:f355e045-27f2-49ca-8115-db85848e0835", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ae814e70-2e8e-43df-b62e-e32d1c26f676:ecf608a4-cf24-41d1-ac5d-d69a53c7a181", "type": "index-pattern" }, { @@ -3289,7 +3958,12 @@ }, { "id": "logs-*", - "name": "4e77167a-4642-4cbb-8430-2197e2f31666:14d80078-f238-406f-9a34-bae0f8616bc0", + "name": "4e77167a-4642-4cbb-8430-2197e2f31666:95a606ae-be95-433b-bf8d-1b66b77e4838", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4e77167a-4642-4cbb-8430-2197e2f31666:c0a409ec-0fbc-4a06-98d1-e3c5c5e0a20e", "type": "index-pattern" }, { @@ -3299,7 +3973,12 @@ }, { "id": "logs-*", - "name": "5135da2a-0093-4b71-a35a-c2b8877d22dd:e696efc1-4a91-44d3-ad68-618f00d80703", + "name": "5135da2a-0093-4b71-a35a-c2b8877d22dd:5e629040-5058-44e9-a2d4-50b6b12b26b3", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5135da2a-0093-4b71-a35a-c2b8877d22dd:8d95ae92-0ad4-4159-9b73-342269046443", "type": "index-pattern" }, { @@ -3309,7 +3988,12 @@ }, { "id": "logs-*", - "name": "7a3f8c53-407b-4862-9dc3-10dccfe06426:a9c37a5a-574a-411d-9420-2e53045288f3", + "name": "7a3f8c53-407b-4862-9dc3-10dccfe06426:041d7614-e610-4b2c-906d-482f8252ef40", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "7a3f8c53-407b-4862-9dc3-10dccfe06426:dc24aa1e-1b5b-483d-8f9a-2501d614ae75", "type": "index-pattern" }, { @@ -3319,7 +4003,12 @@ }, { "id": "logs-*", - "name": "9653b170-7606-461f-9ac4-bf58547f30db:c1f5c308-cb41-49d7-9d2b-034ddea6eec8", + "name": "9653b170-7606-461f-9ac4-bf58547f30db:0a43e606-a685-43a6-b9f0-236efc099835", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9653b170-7606-461f-9ac4-bf58547f30db:ad5332c2-6db1-4b9c-a373-3da51344172d", "type": "index-pattern" }, { 
@@ -3329,7 +4018,12 @@ }, { "id": "logs-*", - "name": "563a073c-7de0-4095-b0ac-127caed562f2:3ad0255d-c017-4880-b3dd-d60cb17375c1", + "name": "563a073c-7de0-4095-b0ac-127caed562f2:eac4b05e-e29d-4e50-b786-80a5500c0a36", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "563a073c-7de0-4095-b0ac-127caed562f2:5b506618-3341-4179-bc0e-052693412f3f", "type": "index-pattern" }, { @@ -3339,7 +4033,12 @@ }, { "id": "logs-*", - "name": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:8a760085-cbc8-4b89-8401-4eb7f686cc80", + "name": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:fb15893b-7148-40a7-bf74-186fa26f5130", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:56dae885-8ab2-4ec1-9683-5bf6ee7075d8", "type": "index-pattern" }, { @@ -3349,7 +4048,12 @@ }, { "id": "logs-*", - "name": "c8b71fb6-3611-4788-a05f-fc9336b277f5:d3c21fb5-7785-4c13-b684-0eebfa9a8ea9", + "name": "c8b71fb6-3611-4788-a05f-fc9336b277f5:92144d94-751b-4037-a865-6ee7c6521f4a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c8b71fb6-3611-4788-a05f-fc9336b277f5:3e2c9216-55ba-4fd2-beea-0adf8b281672", "type": "index-pattern" }, { @@ -3359,7 +4063,12 @@ }, { "id": "logs-*", - "name": "26c79a62-100e-4eb4-b878-621e2be8570d:68463b79-453f-4a36-a9a5-e747691dbbc9", + "name": "26c79a62-100e-4eb4-b878-621e2be8570d:02fe5de4-c150-4e77-8c1d-f915f1dd34d7", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "26c79a62-100e-4eb4-b878-621e2be8570d:dc642fb7-9919-447f-ab66-93841eb642db", "type": "index-pattern" }, { @@ -3369,7 +4078,12 @@ }, { "id": "logs-*", - "name": "41578b87-d820-42df-92d5-69af2643d793:1fdc2685-af71-4ebd-ad31-9a9f0aa8a12f", + "name": "41578b87-d820-42df-92d5-69af2643d793:cfb764b5-f316-4c55-a7b4-1cb1c2dbd10f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "41578b87-d820-42df-92d5-69af2643d793:412373e2-29e3-4901-b084-a8bb460d6962", "type": "index-pattern" }, { 
@@ -3379,7 +4093,12 @@ }, { "id": "logs-*", - "name": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b:eeb76646-d085-43fb-bad2-e7e78e3470fa", + "name": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b:349b1a9d-cbb9-4a4a-ae38-4d5d4cf014c8", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b:0f927a88-b7af-4233-a926-00e688bb3dee", "type": "index-pattern" }, { @@ -3389,7 +4108,12 @@ }, { "id": "logs-*", - "name": "234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32:deab5558-7fec-4cfa-b152-24203a046301", + "name": "234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32:8277113a-444f-4f28-a100-ccf0bce92b66", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32:bd1547b2-217d-44a7-8b23-069a0e68b4c9", "type": "index-pattern" }, { @@ -3411,7 +4135,13 @@ "id": "logs-*", "name": "controlGroup_3d506940-8d8f-4f4f-8fa8-5ac070d1dc36:optionsListDataView", "type": "index-pattern" + }, + { + "id": "github-security-solution-default", + "name": "tag-ref-security-solution-default", + "type": "tag" } ], - "type": "dashboard" + "type": "dashboard", + "typeMigrationVersion": "8.9.0" } \ No newline at end of file diff --git a/packages/github/kibana/dashboard/github-591d69e0-17b6-11ed-809a-7b4be950fe9c.json b/packages/github/kibana/dashboard/github-591d69e0-17b6-11ed-809a-7b4be950fe9c.json index dcddc7679452..71ea3ab96131 100644 --- a/packages/github/kibana/dashboard/github-591d69e0-17b6-11ed-809a-7b4be950fe9c.json +++ b/packages/github/kibana/dashboard/github-591d69e0-17b6-11ed-809a-7b4be950fe9c.json 
@@ -3,11 +3,53 @@ "controlGroupInput": { "chainingSystem": "HIERARCHICAL", "controlStyle": "oneLine", - "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", - "panelsJSON": "{\"66d2324e-be32-41be-b685-54ba2cc58c2b\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.owner.login\",\"title\":\"Owner/Organization\",\"id\":\"66d2324e-be32-41be-b685-54ba2cc58c2b\",\"enhancements\":{}}},\"54e33c68-ad08-412f-852a-f669391018b0\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.name\",\"title\":\"Repository\",\"id\":\"54e33c68-ad08-412f-852a-f669391018b0\",\"enhancements\":{}}},\"9fd25971-d168-4a50-985f-9e1bb266c93e\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.state\",\"title\":\"State\",\"id\":\"9fd25971-d168-4a50-985f-9e1bb266c93e\",\"enhancements\":{}}},\"bcb03b9e-5278-4d66-a4da-762d41ec13cd\":{\"order\":3,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.severity\",\"title\":\"Severity\",\"id\":\"bcb03b9e-5278-4d66-a4da-762d41ec13cd\",\"enhancements\":{}}}}" + "ignoreParentSettingsJSON": { + "ignoreFilters": false, + "ignoreQuery": false, + "ignoreTimerange": false, + "ignoreValidations": false + }, + "panelsJSON": { + "54e33c68-ad08-412f-852a-f669391018b0": { + "explicitInput": { + "enhancements": {}, + "fieldName": "github.repository.name", + "id": "54e33c68-ad08-412f-852a-f669391018b0", + "title": "Repository" + }, + "grow": true, + "order": 1, + "type": "optionsListControl", + "width": "medium" + }, + "66d2324e-be32-41be-b685-54ba2cc58c2b": { + "explicitInput": { + "enhancements": {}, + "fieldName": "github.repository.owner.login", + "id": "66d2324e-be32-41be-b685-54ba2cc58c2b", + "title": 
"Owner/Organization" + }, + "grow": true, + "order": 0, + "type": "optionsListControl", + "width": "medium" + }, + "9fd25971-d168-4a50-985f-9e1bb266c93e": { + "explicitInput": { + "enhancements": {}, + "fieldName": "github.secret_scanning.state", + "id": "9fd25971-d168-4a50-985f-9e1bb266c93e", + "searchTechnique": "prefix", + "title": "State" + }, + "grow": true, + "order": 2, + "type": "optionsListControl", + "width": "medium" + } + } }, "description": "", - "hits": 0, "kibanaSavedObjectMeta": { "searchSourceJSON": { "filter": [ @@ -19,25 +61,51 @@ "alias": "Secret Scanning", "disabled": false, "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.action", "negate": false, "params": [ - "secret_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { + { + "meta": { + "alias": null, + "disabled": false, + "field": "event.dataset", + "index": "logs-*", + "key": "event.dataset", + "negate": false, + "params": { + "query": "github.secret_scanning" + }, + "type": "phrase" + }, + "query": { "match_phrase": { - "event.action": "secret_scanning" + "event.dataset": "github.secret_scanning" } } - ] - } - } + }, + { + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "logs-*", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } + } + ], + "relation": "AND", + "type": "combined" + }, + "query": {} } ], "query": { 
@@ -49,10 +117,48 @@ "optionsJSON": { "hidePanelTitles": false, "syncColors": false, + "syncCursor": true, "syncTooltips": false, "useMargins": true }, "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "fontSize": 12, + "markdown": "**Navigation**\n\n**Github** \n\n- **Audit**\n - [Audit Log Activity](#/dashboard/github-dcee84c0-2059-11ec-8b10-11a4c5e322a0)\n - [User Change Audit](#/dashboard/github-8bfd8310-205c-11ec-8b10-11a4c5e322a0)\n- **Github Advanced Security**\n - [Advanced Security Overview](#/dashboard/github-6a6d7c40-17ab-11ed-809a-7b4be950fe9c)\n - [Code Scanning](#/dashboard/github-4da91aa0-12fc-11ed-af77-016e1a977d80)\n - [**Secret Scanning (This Page)**](#/dashboard/github-591d69e0-17b6-11ed-809a-7b4be950fe9c)\n - [Dependabot](#/dashboard/github-6197be80-220c-11ed-88c4-e3caca48250a)\n- [Issues](#/dashboard/github-f0104680-ae18-11ed-83fa-df5d96a45724)\n\n**Overview**\nThis dashboard provides an overview of the events ingested from Github.\n\nThe dashboard provides details on secret scanning alerts that are open and resolved. It deep-dives into the top 10 repositories where secret scanning alerts are found. It also calculates the mean-time to resolve (or dismiss) an open secret scanning alert. The dashboard presents a view of the type of secrets that are currently open. 
Finally, it gives a layout of top users resolving the secret scanning alerts.\n\n[**Integrations Page**](/app/integrations/detail/github/overview)", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + } + }, + "gridData": { + "h": 29, + "i": "aa215acc-3b4a-4247-88d8-219552a28650", + "w": 10, + "x": 0, + "y": 0 + }, + "panelIndex": "aa215acc-3b4a-4247-88d8-219552a28650", + "title": "Table of Contents", + "type": "visualization" + }, { "embeddableConfig": { "attributes": { @@ -65,11 +171,17 @@ }, { "id": "logs-*", - "name": "a27a9357-b353-46a3-9116-530f354b09b9", + "name": "74a98555-38d3-4ce6-8771-b4e706f99285", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b87bf6d3-a1cf-49ca-91fc-1f89a43ce946", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -104,13 +216,16 @@ "meta": { "alias": null, "disabled": false, - "index": "a27a9357-b353-46a3-9116-530f354b09b9", + "index": "74a98555-38d3-4ce6-8771-b4e706f99285", "key": "data_stream.dataset", "negate": false, "params": [ "github.secret_scanning" ], - "type": "phrases" + "type": "phrases", + "value": [ + "github.secret_scanning" + ] }, "query": { "bool": { 
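Review bot: The markdown added for the "Table of Contents" panel spells the product `Github` (`**Github**`, `**Github Advanced Security**`, `ingested from Github`), while the README hunks of this same commit correct that spelling to `GitHub`. I would write `GitHub` in those places so the dashboard text matches the documentation. The closing link `[**Integrations Page**](/app/integrations/detail/github/overview)` is an absolute path, unlike the `#/dashboard/...` links above it; it may not resolve when Kibana is served under a base path or from a non-default space, which is worth checking before release.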
@@ -124,36 +239,57 @@ ] } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "b87bf6d3-a1cf-49ca-91fc-1f89a43ce946", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" }, "visualization": { - "accessor": "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212", + "color": "#6092C0", "layerId": "3f8b858f-a1ee-4d69-a100-d59282acd94d", "layerType": "data", - "textAlign": "center", - "titlePosition": "top" + "metricAccessor": "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212" } }, "title": "Total Secrets Found [GitHub Secret Scanning]", - "visualizationType": "lnsLegacyMetric" + "type": "lens", + "visualizationType": "lnsMetric" }, - "enhancements": {}, - "type": "lens" + "enhancements": {} }, "gridData": { "h": 5, "i": "77e597be-8cdc-4fa3-9dee-4e4ed1103e55", "w": 14, - "x": 0, + "x": 10, "y": 0 }, "panelIndex": "77e597be-8cdc-4fa3-9dee-4e4ed1103e55", - "type": "lens", - "version": "8.7.0" + "type": "lens" }, { "embeddableConfig": { @@ -164,16 +300,13 @@ "id": "logs-*", "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ef2a4614-151f-42d0-8707-257d009298ea", - "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { + "currentIndexPatternId": "logs-*", "layers": { "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { "columnOrder": [ @@ -187,7 +320,7 @@ "customLabel": true, "dataType": "number", "isBucketed": false, - "label": "Secrets Found/Fixed Ratio", + "label": "Secrets Found/Resolved Ratio", "operationType": "formula", "params": { "format": { 
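Review bot: The filter added in the hunk at -124 keeps only documents where `labels.is_transform_source` is `"false"`, so any secret-scanning document without that label drops out of the "Total Secrets Found" metric. The same filter is added to the other eleven panels (the filter hunks from -293 through -2208). The label is presumably written by a transform that is not visible in this diff; if that transform is stopped or lagging, the panels render empty or zero, which on the "Open Secrets Count" tile reads as "nothing to fix". I would state the dependency in the `markdown` of the "Table of Contents" panel, for example `Panels only count documents with labels.is_transform_source: false; confirm the transform is running before treating an empty panel as clean.`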
@@ -196,7 +329,7 @@ "decimals": 2 } }, - "formula": "count()/count(kql='github.state:dismissed or github.state:resolved')", + "formula": "count()/count(kql='github.secret_scanning.state:dismissed or github.secret_scanning.state:resolved')", "isFormulaBroken": false }, "references": [ @@ -221,7 +354,7 @@ "dataType": "number", "filter": { "language": "kuery", - "query": "github.state:dismissed or github.state:resolved" + "query": "github.secret_scanning.state:dismissed or github.secret_scanning.state:resolved" }, "isBucketed": false, "label": "Part of Secrets Found/Fixed Ratio", @@ -245,11 +378,11 @@ "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1" ], "location": { - "max": 68, + "max": 100, "min": 0 }, "name": "divide", - "text": "count()/count(kql='github.state:dismissed or github.state:resolved')", + "text": "count()/count(kql='github.secret_scanning.state:dismissed or github.secret_scanning.state:resolved')", "type": "function" } }, @@ -260,7 +393,8 @@ "scale": "ratio" } }, - "incompleteColumns": {} + "incompleteColumns": {}, + "indexPatternId": "logs-*" } } } @@ -273,13 +407,16 @@ "meta": { "alias": null, "disabled": false, - "index": "ef2a4614-151f-42d0-8707-257d009298ea", + "index": "c2aca70b-c3ca-4864-ba2d-ec20af7a35c9", "key": "data_stream.dataset", "negate": false, "params": [ "github.secret_scanning" ], - "type": "phrases" + "type": "phrases", + "value": [ + "github.secret_scanning" + ] }, "query": { "bool": { 
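Review bot: The formula rewritten in the hunk at -196 still counts `github.secret_scanning.state:dismissed`, as do the `filter.query` in the hunk at -221 and the `text` in the hunk at -245. The "Resolved" count and table filters later in this diff (hunks at -870 and -1918) were narrowed to `resolved` only. If `dismissed` is not a state this data stream emits, drop it here too so every panel defines "resolved" the same way: `"formula": "count()/count(kql='github.secret_scanning.state:resolved')"`, with `location.max` adjusted to the new text length. The helper column label `Part of Secrets Found/Fixed Ratio` in the hunk at -221 also keeps the old "Fixed" wording.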
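Review bot: The `meta.index` value `c2aca70b-c3ca-4864-ba2d-ec20af7a35c9` set in the hunk at -273 has no matching `name` in this panel's `references` as far as the diff shows: the hunk at -164 removes `ef2a4614-151f-42d0-8707-257d009298ea` and adds nothing. The first panel instead adds reference entries for its new filter ids (`74a98555-38d3-4ce6-8771-b4e706f99285`, `b87bf6d3-a1cf-49ca-91fc-1f89a43ce946`). The same pattern appears for `453c9cb4-550a-481c-b522-f3baa873a452` (hunk at -293) and for the filter ids of the "Open Secrets Count" and "Fixed Secrets Count" panels (hunks at -530, -558, -568, -842, -870, -885). These names may be declared in a part of the file outside this chunk. If they are not, re-export the panels so that every filter `index` has a `references` entry of type `index-pattern`.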
@@ -293,36 +430,58 @@ ] } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "453c9cb4-550a-481c-b522-f3baa873a452", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" }, "visualization": { - "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "colorMode": "None", + "color": "#6092C0", "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", "layerType": "data", - "textAlign": "center" + "metricAccessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e" } }, "title": "Secrets Found/Fixed Ratio [GitHub Secret Scanning]", - "visualizationType": "lnsLegacyMetric" + "type": "lens", + "visualizationType": "lnsMetric" }, - "enhancements": {}, - "type": "lens" + "enhancements": {} }, "gridData": { - "h": 5, + "h": 7, "i": "277a4af7-61c6-40d9-80a6-2d73df097618", - "w": 14, - "x": 14, + "w": 12, + "x": 24, "y": 0 }, "panelIndex": "277a4af7-61c6-40d9-80a6-2d73df097618", - "type": "lens", - "version": "8.7.0" + "title": "Secrets Found/Resolved Ratio [GitHub Secret Scanning]", + "type": "lens" }, { "embeddableConfig": { @@ -336,11 +495,17 @@ }, { "id": "logs-*", - "name": "d7c9ae82-adc1-4169-a1ac-2fea90204f25", + "name": "b4c59839-c76c-4634-ad1f-04870a39a7b1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b72103a9-fcc2-4435-808c-4f1ced14163e", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -371,7 +536,7 @@ "size": 10 }, "scale": "ordinal", - "sourceField": "github.state" + "sourceField": "github.secret_scanning.state" }, "4525c4ae-5f82-4b4d-9867-48e4aba462fd": { "dataType": "number", 
@@ -398,13 +563,16 @@ "meta": { "alias": null, "disabled": false, - "index": "d7c9ae82-adc1-4169-a1ac-2fea90204f25", + "index": "b4c59839-c76c-4634-ad1f-04870a39a7b1", "key": "data_stream.dataset", "negate": false, "params": [ "github.secret_scanning" ], - "type": "phrases" + "type": "phrases", + "value": [ + "github.secret_scanning" + ] }, "query": { "bool": { @@ -418,8 +586,31 @@ ] } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "b72103a9-fcc2-4435-808c-4f1ced14163e", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -452,21 +643,21 @@ } }, "title": "Open vs Fixed/Resolved Secrets[GitHub Secret Scanning]", + "type": "lens", "visualizationType": "lnsPie" }, - "enhancements": {}, - "type": "lens" + "enhancements": {} }, "gridData": { "h": 15, "i": "51a087d0-9c56-4047-9404-b4b7b37497b0", - "w": 20, - "x": 28, + "w": 12, + "x": 36, "y": 0 }, "panelIndex": "51a087d0-9c56-4047-9404-b4b7b37497b0", - "type": "lens", - "version": "8.7.0" + "title": "Open vs Resolved Secrets[GitHub Secret Scanning]", + "type": "lens" }, { "embeddableConfig": { @@ -477,21 +668,13 @@ "id": "logs-*", "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b2d41cbe-238c-4c90-994d-d8e8f1668a44", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "d4cc48c0-fb83-4b1d-9c91-369a087165c4", - "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { + "currentIndexPatternId": "logs-*", "layers": { "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { "columnOrder": [ 
@@ -502,7 +685,7 @@ "customLabel": true, "dataType": "number", "isBucketed": false, - "label": "Open Alerts", + "label": "Open Secret Scanning Alerts", "operationType": "count", "params": { "emptyAsNull": true, @@ -517,7 +700,8 @@ "sourceField": "___records___" } }, - "incompleteColumns": {} + "incompleteColumns": {}, + "indexPatternId": "logs-*" } } } @@ -530,24 +714,17 @@ "meta": { "alias": null, "disabled": false, - "index": "b2d41cbe-238c-4c90-994d-d8e8f1668a44", + "index": "ad21b84c-900e-4b07-9247-32e08b2aca4d", "key": "data_stream.dataset", "negate": false, - "params": [ - "github.secret_scanning" - ], - "type": "phrases" + "params": { + "query": "github.secret_scanning" + }, + "type": "phrase" }, "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - } - ] + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" } } }, @@ -558,8 +735,9 @@ "meta": { "alias": null, "disabled": false, - "index": "d4cc48c0-fb83-4b1d-9c91-369a087165c4", - "key": "github.state", + "field": "github.secret_scanning.state", + "index": "0b2547b7-260a-4346-a477-7a0f7914f6ac", + "key": "github.secret_scanning.state", "negate": false, "params": { "query": "open" 
@@ -568,82 +746,60 @@ }, "query": { "match_phrase": { - "github.state": "open" + "github.secret_scanning.state": "open" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "93dc220c-b419-41fe-8544-fbf57ac9cf38", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" } } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" }, "visualization": { - "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "colorMode": "Labels", + "color": "#E7664C", "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", "layerType": "data", - "palette": { - "name": "custom", - "params": { - "colorStops": [ - { - "color": "#209280", - "stop": 0 - }, - { - "color": "#d6bf57", - "stop": 1 - }, - { - "color": "#cc5642", - "stop": 1000 - } - ], - "continuity": "above", - "maxSteps": 5, - "name": "custom", - "progression": "fixed", - "rangeMax": null, - "rangeMin": 0, - "rangeType": "number", - "reverse": false, - "steps": 3, - "stops": [ - { - "color": "#209280", - "stop": 1 - }, - { - "color": "#d6bf57", - "stop": 1000 - }, - { - "color": "#cc5642", - "stop": 1001 - } - ] - }, - "type": "palette" - }, - "textAlign": "center" + "metricAccessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e" } }, "title": "Open Secrets Count [GitHub Secret Scanning]", - "visualizationType": "lnsLegacyMetric" + "type": "lens", + "visualizationType": "lnsMetric" }, - "enhancements": {}, - "type": "lens" + "enhancements": {} }, "gridData": { "h": 5, "i": "3c9e482b-4cd2-43e2-a1aa-5a6d66050c16", "w": 14, - "x": 0, + "x": 10, "y": 5 }, "panelIndex": "3c9e482b-4cd2-43e2-a1aa-5a6d66050c16", - "type": "lens", - "version": "8.7.0" + "type": "lens" }, { "embeddableConfig": { 
@@ -657,16 +813,22 @@ }, { "id": "logs-*", - "name": "9c0d6963-bc22-4d2d-9028-20e603d307e7", + "name": "82707691-0a6e-4141-a447-a4949afde05e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ebb37af2-6f6a-4163-8bc0-730dc706980e", "type": "index-pattern" }, { "id": "logs-*", - "name": "dac33af7-8640-4326-8c95-afddf6194657", + "name": "efb8e7ed-a6ee-4430-aad5-fcc6dcbc4ab1", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -701,7 +863,7 @@ "meta": { "alias": null, "disabled": false, - "index": "9c0d6963-bc22-4d2d-9028-20e603d307e7", + "index": "82707691-0a6e-4141-a447-a4949afde05e", "key": "data_stream.dataset", "negate": false, "params": { @@ -722,7 +884,7 @@ "meta": { "alias": null, "disabled": false, - "index": "dac33af7-8640-4326-8c95-afddf6194657", + "index": "ebb37af2-6f6a-4163-8bc0-730dc706980e", "key": "github.secret_scanning.time_to_resolution.sec", "negate": false, "type": "exists", 
@@ -733,36 +895,57 @@ "field": "github.secret_scanning.time_to_resolution.sec" } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "efb8e7ed-a6ee-4430-aad5-fcc6dcbc4ab1", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" }, "visualization": { - "accessor": "e33d2853-5b3d-4be9-9312-2d8da64d9523", - "colorMode": "None", + "color": "#6092C0", "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", "layerType": "data", - "textAlign": "center" + "metricAccessor": "e33d2853-5b3d-4be9-9312-2d8da64d9523" } }, "title": "Mean Time to Resolution [GitHub Secret Scanning]", - "visualizationType": "lnsLegacyMetric" + "type": "lens", + "visualizationType": "lnsMetric" }, - "enhancements": {}, - "type": "lens" + "enhancements": {} }, "gridData": { - "h": 10, + "h": 8, "i": "e6cb0087-c5ba-49f2-8ae9-b206d2346609", - "w": 14, - "x": 14, - "y": 5 + "w": 12, + "x": 24, + "y": 7 }, "panelIndex": "e6cb0087-c5ba-49f2-8ae9-b206d2346609", - "type": "lens", - "version": "8.7.0" + "type": "lens" }, { "embeddableConfig": { 
@@ -773,63 +956,40 @@ "id": "logs-*", "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e9f91f71-3727-4bf1-9d0a-2742347e223f", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f34d1f77-a34c-4ac9-ab7a-6892d9505a80", - "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { + "currentIndexPatternId": "logs-*", "layers": { "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { "columnOrder": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e" ], "columns": { "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { "customLabel": true, "dataType": "number", "isBucketed": false, - "label": "Resolved/Dismissed Alerts", - "operationType": "formula", + "label": "Resolved (Dismissed) Secret Scanning Alerts", + "operationType": "count", "params": { + "emptyAsNull": true, "format": { "id": "number", "params": { "decimals": 0 } - }, - "formula": "count()", - "isFormulaBroken": false - }, - "references": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" - ], - "scale": "ratio" - }, - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Dismissed Alerts", - "operationType": "count", - "params": { - "emptyAsNull": false + } }, "scale": "ratio", "sourceField": "___records___" } }, - "incompleteColumns": {} + "incompleteColumns": {}, + "indexPatternId": "logs-*" } } } 
@@ -842,24 +1002,17 @@ "meta": { "alias": null, "disabled": false, - "index": "e9f91f71-3727-4bf1-9d0a-2742347e223f", + "index": "092da6c8-e8a2-4b6f-8a79-be406069bd66", "key": "data_stream.dataset", "negate": false, - "params": [ - "github.secret_scanning" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - } - ] + "params": { + "query": "github.secret_scanning" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" } } }, @@ -870,14 +1023,17 @@ "meta": { "alias": null, "disabled": false, - "index": "f34d1f77-a34c-4ac9-ab7a-6892d9505a80", - "key": "github.state", + "field": "github.secret_scanning.state", + "index": "b98168d4-a1e2-4ef9-9260-83b37803b076", + "key": "github.secret_scanning.state", "negate": false, "params": [ - "dismissed", "resolved" ], - "type": "phrases" + "type": "phrases", + "value": [ + "resolved" + ] }, "query": { "bool": { 
@@ -885,76 +1041,64 @@ "should": [ { "match_phrase": { - "github.state": "dismissed" - } - }, - { - "match_phrase": { - "github.state": "resolved" + "github.secret_scanning.state": "resolved" } } ] } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "8e815d6b-8c90-430f-adda-b85791836570", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" }, "visualization": { - "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "colorMode": "Labels", + "color": "#54B399", "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", "layerType": "data", - "palette": { - "name": "positive", - "params": { - "continuity": "above", - "maxSteps": 5, - "name": "positive", - "progression": "fixed", - "rangeMax": null, - "rangeMin": 0, - "rangeType": "number", - "reverse": false, - "steps": 3, - "stops": [ - { - "color": "#bbdad3", - "stop": 0 - }, - { - "color": "#77b6a8", - "stop": 8 - }, - { - "color": "#209280", - "stop": 16 - } - ] - }, - "type": "palette" - }, - "textAlign": "center" + "metricAccessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e" } }, "title": "Fixed Secrets Count [GitHub Secret Scanning]", - "visualizationType": "lnsLegacyMetric" + "type": "lens", + "visualizationType": "lnsMetric" }, - "enhancements": {}, - "type": "lens" + "enhancements": {} }, "gridData": { "h": 5, "i": "892ed6dd-afe7-4685-bebb-5f1a70b44692", "w": 14, - "x": 0, + "x": 10, "y": 10 }, "panelIndex": "892ed6dd-afe7-4685-bebb-5f1a70b44692", - "type": "lens", - "version": "8.7.0" + "title": "Resolved Secrets Count [GitHub Secret Scanning]", + "type": "lens" }, { "embeddableConfig": { 
@@ -968,11 +1112,17 @@ }, { "id": "logs-*", - "name": "89debdad-d323-4640-918b-2c38d061e212", + "name": "6478570c-21b8-419e-88ec-f5430727e67d", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c4f14f66-1d6b-4b28-9310-c4f6bd1aae69", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -1071,13 +1221,16 @@ "meta": { "alias": null, "disabled": false, - "index": "89debdad-d323-4640-918b-2c38d061e212", + "index": "6478570c-21b8-419e-88ec-f5430727e67d", "key": "data_stream.dataset", "negate": false, "params": [ "github.secret_scanning" ], - "type": "phrases" + "type": "phrases", + "value": [ + "github.secret_scanning" + ] }, "query": { "bool": { @@ -1091,8 +1244,31 @@ ] } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "c4f14f66-1d6b-4b28-9310-c4f6bd1aae69", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -1147,21 +1323,20 @@ } }, "title": "Found Secrets count by owner and by repository [GitHub Secret Scanning]", + "type": "lens", "visualizationType": "lnsXY" }, - "enhancements": {}, - "type": "lens" + "enhancements": {} }, "gridData": { - "h": 12, + "h": 14, "i": "429f2ded-1aca-42cd-9190-9afddb03eabf", - "w": 24, - "x": 0, + "w": 21, + "x": 10, "y": 15 }, "panelIndex": "429f2ded-1aca-42cd-9190-9afddb03eabf", - "type": "lens", - "version": "8.7.0" + "type": "lens" }, { "embeddableConfig": { 
@@ -1175,11 +1350,17 @@ }, { "id": "logs-*", - "name": "11287d36-4d96-447c-b336-56ae03fcbc16", + "name": "aa689156-ebeb-462b-b8f7-ae6fa597a250", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "eef2d1bb-8cb1-4d86-b987-9580ec987f27", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -1258,28 +1439,44 @@ "meta": { "alias": null, "disabled": false, - "index": "11287d36-4d96-447c-b336-56ae03fcbc16", + "index": "aa689156-ebeb-462b-b8f7-ae6fa597a250", "key": "data_stream.dataset", "negate": false, - "params": [ - "github.secret_scanning" - ], - "type": "phrases" + "params": { + "query": "github.secret_scanning" + }, + "type": "phrase" }, "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - } - ] + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "eef2d1bb-8cb1-4d86-b987-9580ec987f27", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" } } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -1306,21 +1503,20 @@ } }, "title": "Found Secrets % by owner and by repository [GitHub Secret Scanning]", + "type": "lens", "visualizationType": "lnsPie" }, - "enhancements": {}, - "type": "lens" + "enhancements": {} }, "gridData": { - "h": 12, + "h": 14, "i": "a7adc099-113f-4113-b592-24b5ceff484e", - "w": 24, - "x": 24, + "w": 17, + "x": 31, "y": 15 }, "panelIndex": "a7adc099-113f-4113-b592-24b5ceff484e", - "type": "lens", - "version": "8.7.0" + "type": "lens" }, { "embeddableConfig": { 
@@ -1334,16 +1530,22 @@ }, { "id": "logs-*", - "name": "25c2db0c-d286-407e-9c0b-55252a2ad165", + "name": "567fc10c-ce82-4b9c-a6d5-0981e9e41087", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "c5adbfcc-88bf-45df-b656-04896b48ed9a", "type": "index-pattern" }, { "id": "logs-*", - "name": "82cbb0d6-87ad-47e3-bed4-84e8d7f812d1", + "name": "bfd462b5-9f2d-43a6-8452-eb1aef1b9765", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -1402,24 +1604,17 @@ "meta": { "alias": null, "disabled": false, - "index": "25c2db0c-d286-407e-9c0b-55252a2ad165", + "index": "567fc10c-ce82-4b9c-a6d5-0981e9e41087", "key": "data_stream.dataset", "negate": false, - "params": [ - "github.secret_scanning" - ], - "type": "phrases" + "params": { + "query": "github.secret_scanning" + }, + "type": "phrase" }, "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - } - ] + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" } } }, @@ -1430,8 +1625,9 @@ "meta": { "alias": null, "disabled": false, - "index": "82cbb0d6-87ad-47e3-bed4-84e8d7f812d1", - "key": "github.state", + "field": "github.secret_scanning.state", + "index": "c5adbfcc-88bf-45df-b656-04896b48ed9a", + "key": "github.secret_scanning.state", "negate": false, "params": { "query": "open" 
@@ -1440,11 +1636,34 @@ }, "query": { "match_phrase": { - "github.state": "open" + "github.secret_scanning.state": "open" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "bfd462b5-9f2d-43a6-8452-eb1aef1b9765", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" } } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -1477,7 +1696,7 @@ "xAccessor": "257a7d8d-1315-4775-97d9-e679c0f3aa79", "yConfig": [ { - "color": "#6dc9cd", + "color": "#6092c0", "forAccessor": "e1d8072b-7268-444a-864e-ef1117b17b65" } ] @@ -1497,21 +1716,20 @@ } }, "title": "Open Secrets Count by Type [GitHub Secret Scanning]", + "type": "lens", "visualizationType": "lnsXY" }, - "enhancements": {}, - "type": "lens" + "enhancements": {} }, "gridData": { "h": 13, "i": "883397dd-0064-48f2-b257-c8ed4295b0b9", "w": 24, "x": 0, - "y": 27 + "y": 29 }, "panelIndex": "883397dd-0064-48f2-b257-c8ed4295b0b9", - "type": "lens", - "version": "8.7.0" + "type": "lens" }, { "embeddableConfig": { @@ -1525,16 +1743,22 @@ }, { "id": "logs-*", - "name": "acfd1c9a-be16-4275-ae7d-0ad42b060de0", + "name": "6f786b20-f828-4ef4-b888-97f280ac8dc6", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "eb9a956f-1e94-48c2-9170-352ae07d0241", "type": "index-pattern" }, { "id": "logs-*", - "name": "42fcf4b5-0905-4d97-baa9-c08a61bc3b7a", + "name": "5947d171-d241-4770-8342-4b28919970ca", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { 
@@ -1592,13 +1816,16 @@ "meta": { "alias": null, "disabled": false, - "index": "acfd1c9a-be16-4275-ae7d-0ad42b060de0", + "index": "6f786b20-f828-4ef4-b888-97f280ac8dc6", "key": "data_stream.dataset", "negate": false, "params": [ "github.secret_scanning" ], - "type": "phrases" + "type": "phrases", + "value": [ + "github.secret_scanning" + ] }, "query": { "bool": { @@ -1620,8 +1847,9 @@ "meta": { "alias": null, "disabled": false, - "index": "42fcf4b5-0905-4d97-baa9-c08a61bc3b7a", - "key": "github.state", + "field": "github.secret_scanning.state", + "index": "eb9a956f-1e94-48c2-9170-352ae07d0241", + "key": "github.secret_scanning.state", "negate": false, "params": { "query": "open" @@ -1630,11 +1858,34 @@ }, "query": { "match_phrase": { - "github.state": "open" + "github.secret_scanning.state": "open" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "5947d171-d241-4770-8342-4b28919970ca", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" } } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -1664,21 +1915,20 @@ } }, "title": "Open Secrets % by Type [GitHub Secret Scanning]", + "type": "lens", "visualizationType": "lnsPie" }, - "enhancements": {}, - "type": "lens" + "enhancements": {} }, "gridData": { "h": 13, "i": "d0ec4a50-b9da-4775-9f64-5389f898aee3", "w": 24, "x": 24, - "y": 27 + "y": 29 }, "panelIndex": "d0ec4a50-b9da-4775-9f64-5389f898aee3", - "type": "lens", - "version": "8.7.0" + "type": "lens" }, { "embeddableConfig": { 
@@ -1692,22 +1942,29 @@ }, { "id": "logs-*", - "name": "c26ebed6-b942-43ed-9f00-ccf3c5842f5f", + "name": "1ac19e51-e199-42a7-828e-605917ab1e27", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2b87a91f-94c3-473c-8355-135532524691", "type": "index-pattern" }, { "id": "logs-*", - "name": "54bf50e3-8882-4a5e-a4ad-e4d684c3abaa", + "name": "4e8c0fa0-90c0-4551-af33-76c6ccbf7efe", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { "725aa594-f41c-4b3e-a6cf-8c115b602f57": { "columnOrder": [ "98acffa4-7380-4b18-9f9a-4025ca8ac0c6", + "b45a8469-4547-4294-a737-68a51ca76eee", "197c6dc3-cb49-4482-8381-a89e27cc960f", "e81fb515-1196-411c-818d-8f4d837ce000", "2059204b-f8ae-4a1f-911e-c7ed705f2ba9", @@ -1836,7 +2093,7 @@ "customLabel": true, "dataType": "string", "isBucketed": true, - "label": "Fixed Secret", + "label": "Resolved Secret", "operationType": "terms", "params": { "missingBucket": false, @@ -1854,6 +2111,27 @@ "scale": "ordinal", "sourceField": "github.secret_scanning.secret" }, + "b45a8469-4547-4294-a737-68a51ca76eee": { + "customLabel": true, + "dataType": "number", + "isBucketed": true, + "label": "Secret Alert Number", + "operationType": "range", + "params": { + "includeEmptyRows": true, + "maxBars": "auto", + "ranges": [ + { + "from": 0, + "label": "", + "to": 1000 + } + ], + "type": "histogram" + }, + "scale": "interval", + "sourceField": "github.secret_scanning.number" + }, "e81fb515-1196-411c-818d-8f4d837ce000": { "customLabel": true, "dataType": "string", @@ -1890,13 +2168,16 @@ "meta": { "alias": null, "disabled": false, - "index": "c26ebed6-b942-43ed-9f00-ccf3c5842f5f", + "index": "1ac19e51-e199-42a7-828e-605917ab1e27", "key": "data_stream.dataset", "negate": false, "params": [ "github.secret_scanning" ], - "type": "phrases" + "type": "phrases", + "value": [ + "github.secret_scanning" + ] }, "query": { "bool": { 
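Review bot: The column relabelled "Resolved Secret" in the hunk at -1836 is a `terms` bucket, and the context of the following hunk shows what appears to be its source field, `github.secret_scanning.secret`, so the table prints the detected secret value to every user who can open the dashboard. Resolving an alert does not by itself show that the credential was revoked, so these values should be treated as live unless the value is masked before indexing, which this diff does not show. Consider marking the column `"hidden": true` in the datatable `columns` list (the attribute is already used in the hunk at -2263) and identifying rows by the new "Secret Alert Number" column instead. The "Secret" column of the open-alerts table (hunk at -2126) deserves the same check.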
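Review bot: The "Secret Alert Number" column added in the hunk at -1854 buckets `github.secret_scanning.number` with `"operationType": "range"` and `"type": "histogram"`, which treats an identifier as a quantity. With `"maxBars": "auto"` the interval is chosen by Lens, so several alerts can likely fall into one row and the cell shows a bucket boundary rather than the alert number. The `ranges` entry from `0` to `1000` suggests a cap was intended, but whether it applies in histogram mode should be checked. A `terms` column (`"operationType": "terms"`, `"scale": "ordinal"`, with `params` like the other `terms` columns in this layer) keeps one row per alert. The same column is added to the open-alerts table in the hunk at -2165 (`fa668b20-3728-46d0-a810-0a6e3727e9dd`).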
@@ -1918,34 +2199,45 @@ "meta": { "alias": null, "disabled": false, - "index": "54bf50e3-8882-4a5e-a4ad-e4d684c3abaa", - "key": "github.state", + "field": "github.secret_scanning.state", + "index": "2b87a91f-94c3-473c-8355-135532524691", + "key": "github.secret_scanning.state", "negate": false, - "params": [ - "dismissed", - "resolved" - ], - "type": "phrases" + "params": { + "query": "resolved" + }, + "type": "phrase" }, "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "github.state": "dismissed" - } - }, - { - "match_phrase": { - "github.state": "resolved" - } - } - ] + "match_phrase": { + "github.secret_scanning.state": "resolved" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "4e8c0fa0-90c0-4551-af33-76c6ccbf7efe", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" } } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -1961,6 +2253,7 @@ }, { "columnId": "197c6dc3-cb49-4482-8381-a89e27cc960f", + "isMetric": false, "isTransposed": false }, { @@ -1987,6 +2280,11 @@ { "columnId": "432976f9-4218-49dc-9922-f7dc093cbaa1", "isTransposed": false + }, + { + "columnId": "b45a8469-4547-4294-a737-68a51ca76eee", + "isMetric": false, + "isTransposed": false } ], "layerId": "725aa594-f41c-4b3e-a6cf-8c115b602f57", 
@@ -1994,21 +2292,21 @@ } }, "title": "Fixed Secrets [GitHub Secret Scanning]", + "type": "lens", "visualizationType": "lnsDatatable" }, - "enhancements": {}, - "type": "lens" + "enhancements": {} }, "gridData": { "h": 15, "i": "7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8", "w": 48, "x": 0, - "y": 40 + "y": 42 }, "panelIndex": "7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8", - "type": "lens", - "version": "8.7.0" + "title": "Resolved Secret Details [GitHub Secret Scanning]", + "type": "lens" }, { "embeddableConfig": { @@ -2022,22 +2320,29 @@ }, { "id": "logs-*", - "name": "ee8e512a-72ec-4ab7-9c01-8bc987dc2b42", + "name": "62fa5cf0-5645-4953-91a7-4049d24dcf0e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "138b89f4-4c57-4f00-8330-6bdb0948c3e2", "type": "index-pattern" }, { "id": "logs-*", - "name": "94bf6c5a-a948-40c1-95a7-52d11ef68bad", + "name": "698830c1-cb7c-4887-b8eb-ef9f26cfabed", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { "725aa594-f41c-4b3e-a6cf-8c115b602f57": { "columnOrder": [ "98acffa4-7380-4b18-9f9a-4025ca8ac0c6", + "fa668b20-3728-46d0-a810-0a6e3727e9dd", "197c6dc3-cb49-4482-8381-a89e27cc960f", "e81fb515-1196-411c-818d-8f4d837ce000", "4b29a17b-d4c4-4d29-a120-296f69b2875e", @@ -2126,7 +2431,7 @@ "customLabel": true, "dataType": "string", "isBucketed": true, - "label": "Found Secret", + "label": "Secret", "operationType": "terms", "params": { "missingBucket": false, @@ -2165,6 +2470,27 @@ }, "scale": "ordinal", "sourceField": "github.repository.name" + }, + "fa668b20-3728-46d0-a810-0a6e3727e9dd": { + "customLabel": true, + "dataType": "number", + "isBucketed": true, + "label": "Secret Alert Number", + "operationType": "range", + "params": { + "includeEmptyRows": true, + "maxBars": "auto", + "ranges": [ + { + "from": 0, + "label": "", + "to": 1000 + } + ], + "type": "histogram" + }, + "scale": "interval", + "sourceField": "github.secret_scanning.number" } }, "incompleteColumns": {} 
@@ -2180,14 +2506,17 @@ "meta": { "alias": null, "disabled": false, - "index": "ee8e512a-72ec-4ab7-9c01-8bc987dc2b42", + "index": "62fa5cf0-5645-4953-91a7-4049d24dcf0e", "key": "data_stream.dataset", "negate": false, "params": [ "github.secret_scanning" ], - "type": "phrases" - }, + "type": "phrases", + "value": [ + "github.secret_scanning" + ] + }, "query": { "bool": { "minimum_should_match": 1, @@ -2208,28 +2537,45 @@ "meta": { "alias": null, "disabled": false, - "index": "94bf6c5a-a948-40c1-95a7-52d11ef68bad", - "key": "github.state", + "field": "github.secret_scanning.state", + "index": "138b89f4-4c57-4f00-8330-6bdb0948c3e2", + "key": "github.secret_scanning.state", "negate": false, - "params": [ - "open" - ], - "type": "phrases" + "params": { + "query": "open" + }, + "type": "phrase" }, "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "github.state": "open" - } - } - ] + "match_phrase": { + "github.secret_scanning.state": "open" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "698830c1-cb7c-4887-b8eb-ef9f26cfabed", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" } } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -2245,6 +2591,7 @@ }, { "columnId": "197c6dc3-cb49-4482-8381-a89e27cc960f", + "isMetric": false, "isTransposed": false }, { @@ -2263,6 +2610,11 @@ "columnId": "308e4990-dd31-471d-a467-d9c8a775476d", "hidden": true, "isTransposed": false + }, + { + "columnId": "fa668b20-3728-46d0-a810-0a6e3727e9dd", + "isMetric": false, + "isTransposed": false } ], "layerId": "725aa594-f41c-4b3e-a6cf-8c115b602f57", 
@@ -2276,22 +2628,22 @@ } }, "title": "Found Secrets [GitHub Secret Scanning]", + "type": "lens", "visualizationType": "lnsDatatable" }, "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" + "hidePanelTitles": false }, "gridData": { "h": 15, "i": "991aa388-e5d6-469b-911a-1cbcd1b84417", "w": 48, "x": 0, - "y": 55 + "y": 57 }, "panelIndex": "991aa388-e5d6-469b-911a-1cbcd1b84417", - "type": "lens", - "version": "8.7.0" + "title": "Open Secret Details [GitHub Secret Scanning]", + "type": "lens" }, { "embeddableConfig": { 
@@ -2300,59 +2652,54 @@ "references": [ { "id": "logs-*", - "name": "indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e", + "name": "indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "14da57f1-2ea1-460e-8a76-54fa2a265d53", "type": "index-pattern" }, { "id": "logs-*", - "name": "8908ff94-5bd3-4a76-b219-1ba7128998c6", + "name": "59f0a3b7-7686-43fe-8a25-c86a7b4fed69", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { - "2321cd3f-039b-44be-90a5-03028195d49e": { + "ebd4f001-671a-4772-a2c4-b07f94e34845": { "columnOrder": [ - "37a962c0-4797-484d-b2e6-00a280b3edc2", - "871b560f-f208-41a2-978b-b97664f99807" + "fc40a758-e2ae-45db-88c1-439660cb7f66", + "5caf7916-eab1-42d2-b591-41039ee8ed72" ], "columns": { - "37a962c0-4797-484d-b2e6-00a280b3edc2": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "User", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "871b560f-f208-41a2-978b-b97664f99807", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": false, - "parentFormat": { - "id": "terms" - }, - "secondaryFields": [], - "size": 10 - }, - "scale": "ordinal", - "sourceField": "github.secret_scanning.resolved_by.login" - }, - "871b560f-f208-41a2-978b-b97664f99807": { - "customLabel": true, + "5caf7916-eab1-42d2-b591-41039ee8ed72": { "dataType": "number", "isBucketed": false, - "label": "Fixed Secrets Count", + "label": "Count of records", "operationType": "count", "params": { "emptyAsNull": true }, "scale": "ratio", "sourceField": "___records___" + }, + "fc40a758-e2ae-45db-88c1-439660cb7f66": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "dropPartials": false, + "includeEmptyRows": true, + "interval": "auto" + }, + "scale": "interval", + "sourceField": 
"@timestamp" } }, "incompleteColumns": {} @@ -2368,28 +2715,44 @@ "meta": { "alias": null, "disabled": false, - "index": "8908ff94-5bd3-4a76-b219-1ba7128998c6", + "index": "14da57f1-2ea1-460e-8a76-54fa2a265d53", "key": "data_stream.dataset", "negate": false, - "params": [ - "github.secret_scanning" - ], - "type": "phrases" + "params": { + "query": "github.secret_scanning" + }, + "type": "phrase" }, "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - } - ] + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "59f0a3b7-7686-43fe-8a25-c86a7b4fed69", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" } } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -2414,19 +2777,21 @@ "layers": [ { "accessors": [ - "871b560f-f208-41a2-978b-b97664f99807" + "5caf7916-eab1-42d2-b591-41039ee8ed72" ], - "layerId": "2321cd3f-039b-44be-90a5-03028195d49e", + "layerId": "ebd4f001-671a-4772-a2c4-b07f94e34845", "layerType": "data", - "seriesType": "bar_horizontal", - "xAccessor": "37a962c0-4797-484d-b2e6-00a280b3edc2" + "position": "top", + "seriesType": "line", + "showGridlines": false, + "xAccessor": "fc40a758-e2ae-45db-88c1-439660cb7f66" } ], "legend": { "isVisible": true, "position": "right" }, - "preferredSeriesType": "bar_horizontal", + "preferredSeriesType": "line", "tickLabelsVisibilitySettings": { "x": true, "yLeft": true, 
@@ -2435,22 +2800,21 @@ "valueLabels": "hide" } }, - "title": "Top users resolving secrets [GitHub Secret Scanning]", + "title": "Events Timeline [GitHub Secret Scanning]", + "type": "lens", "visualizationType": "lnsXY" }, - "enhancements": {}, - "type": "lens" + "enhancements": {} }, "gridData": { "h": 11, - "i": "ff2747ad-ec9c-44a5-b8f9-9347be86c98b", - "w": 15, - "x": 33, - "y": 70 + "i": "36cee00b-70b3-4bb5-a4b3-2448061135f8", + "w": 33, + "x": 0, + "y": 72 }, - "panelIndex": "ff2747ad-ec9c-44a5-b8f9-9347be86c98b", - "type": "lens", - "version": "8.7.0" + "panelIndex": "36cee00b-70b3-4bb5-a4b3-2448061135f8", + "type": "lens" }, { "embeddableConfig": { 
@@ -2459,48 +2823,65 @@ "references": [ { "id": "logs-*", - "name": "indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845", + "name": "indexpattern-datasource-layer-2321cd3f-039b-44be-90a5-03028195d49e", "type": "index-pattern" }, { "id": "logs-*", - "name": "6a77e887-9ac6-4cc2-90b9-9013fb2bf30a", + "name": "7be3a271-20b7-4016-a272-f9348f992bc6", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "608e4caa-5893-4834-b81d-f45535001da2", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { - "ebd4f001-671a-4772-a2c4-b07f94e34845": { + "2321cd3f-039b-44be-90a5-03028195d49e": { "columnOrder": [ - "fc40a758-e2ae-45db-88c1-439660cb7f66", - "5caf7916-eab1-42d2-b591-41039ee8ed72" + "37a962c0-4797-484d-b2e6-00a280b3edc2", + "871b560f-f208-41a2-978b-b97664f99807" ], "columns": { - "5caf7916-eab1-42d2-b591-41039ee8ed72": { + "37a962c0-4797-484d-b2e6-00a280b3edc2": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "User", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "871b560f-f208-41a2-978b-b97664f99807", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": false, + "parentFormat": { + "id": "terms" + }, + "secondaryFields": [], + "size": 10 + }, + "scale": "ordinal", + "sourceField": "github.secret_scanning.resolved_by.login" + }, + "871b560f-f208-41a2-978b-b97664f99807": { + "customLabel": true, "dataType": "number", "isBucketed": false, - "label": "Count of records", + "label": "Fixed Secrets Count", "operationType": "count", "params": { "emptyAsNull": true }, "scale": "ratio", "sourceField": "___records___" - }, - "fc40a758-e2ae-45db-88c1-439660cb7f66": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "dropPartials": false, - "includeEmptyRows": true, - "interval": "auto" - }, - "scale": "interval", - "sourceField": 
"@timestamp" } }, "incompleteColumns": {} 
@@ -2516,96 +2897,121 @@ "meta": { "alias": null, "disabled": false, - "index": "6a77e887-9ac6-4cc2-90b9-9013fb2bf30a", + "index": "7be3a271-20b7-4016-a272-f9348f992bc6", "key": "data_stream.dataset", "negate": false, + "params": [ + "github.secret_scanning" + ], + "type": "phrases", + "value": [ + "github.secret_scanning" + ] + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + ] + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "608e4caa-5893-4834-b81d-f45535001da2", + "key": "labels.is_transform_source", + "negate": false, "params": { - "query": "github.secret_scanning" + "query": "false" }, "type": "phrase" }, "query": { "match_phrase": { - "data_stream.dataset": "github.secret_scanning" + "labels.is_transform_source": "false" } } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" }, "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, "layers": [ { - "accessors": [ - "5caf7916-eab1-42d2-b591-41039ee8ed72" - ], - "layerId": "ebd4f001-671a-4772-a2c4-b07f94e34845", + "categoryDisplay": "default", + "colorMapping": { + "assignments": [], + "colorMode": { + "type": "categorical" + }, + "paletteId": "eui_amsterdam_color_blind", + "specialAssignments": [ + { + "color": { + "type": "loop" + }, + "rule": { + "type": "other" + }, + "touched": false + } + ] + }, + "layerId": "2321cd3f-039b-44be-90a5-03028195d49e", "layerType": "data", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "xAccessor": "fc40a758-e2ae-45db-88c1-439660cb7f66" + "legendDisplay": "default", + "metrics": [ 
+ "871b560f-f208-41a2-978b-b97664f99807" + ], + "nestedLegend": false, + "numberDisplay": "percent", + "primaryGroups": [ + "37a962c0-4797-484d-b2e6-00a280b3edc2" + ] } ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "line", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" + "shape": "pie" } }, - "title": "Events Timeline [GitHub Secret Scanning]", - "visualizationType": "lnsXY" + "title": "Top users resolving secrets [GitHub Secret Scanning]", + "type": "lens", + "visualizationType": "lnsPie" }, - "enhancements": {}, - "type": "lens" + "enhancements": {} }, "gridData": { "h": 11, - "i": "36cee00b-70b3-4bb5-a4b3-2448061135f8", - "w": 33, - "x": 0, - "y": 70 + "i": "ff2747ad-ec9c-44a5-b8f9-9347be86c98b", + "w": 15, + "x": 33, + "y": 72 }, - "panelIndex": "36cee00b-70b3-4bb5-a4b3-2448061135f8", - "type": "lens", - "version": "8.7.0" + "panelIndex": "ff2747ad-ec9c-44a5-b8f9-9347be86c98b", + "type": "lens" } ], "timeRestore": false, "title": "[GitHub] Secret Scanning Alerts", "version": 1 }, - "coreMigrationVersion": "8.7.1", - "created_at": "2023-07-10T01:33:52.035Z", + "coreMigrationVersion": "8.8.0", + "created_at": "2024-10-28T13:02:29.889Z", "id": "github-591d69e0-17b6-11ed-809a-7b4be950fe9c", - "migrationVersion": { - "dashboard": "8.7.0" - }, + "managed": false, "references": [ { "id": "logs-*", 
@@ -2614,192 +3020,192 @@ }, { "id": "logs-*", - "name": "991aa388-e5d6-469b-911a-1cbcd1b84417:indexpattern-datasource-layer-725aa594-f41c-4b3e-a6cf-8c115b602f57", + "name": "77e597be-8cdc-4fa3-9dee-4e4ed1103e55:indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d", "type": "index-pattern" }, { "id": "logs-*", - "name": "991aa388-e5d6-469b-911a-1cbcd1b84417:99882a8f-757f-4692-b7dd-56e561a7a5ac", + "name": "77e597be-8cdc-4fa3-9dee-4e4ed1103e55:74a98555-38d3-4ce6-8771-b4e706f99285", "type": "index-pattern" }, { "id": "logs-*", - "name": "991aa388-e5d6-469b-911a-1cbcd1b84417:fac9d156-24f2-409d-9f1b-200dbd5a9b5a", + "name": "77e597be-8cdc-4fa3-9dee-4e4ed1103e55:b87bf6d3-a1cf-49ca-91fc-1f89a43ce946", "type": "index-pattern" }, { "id": "logs-*", - "name": "controlGroup_66d2324e-be32-41be-b685-54ba2cc58c2b:optionsListDataView", + "name": "277a4af7-61c6-40d9-80a6-2d73df097618:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", "type": "index-pattern" }, { "id": "logs-*", - "name": "controlGroup_54e33c68-ad08-412f-852a-f669391018b0:optionsListDataView", + "name": "51a087d0-9c56-4047-9404-b4b7b37497b0:indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4", "type": "index-pattern" }, { "id": "logs-*", - "name": "controlGroup_9fd25971-d168-4a50-985f-9e1bb266c93e:optionsListDataView", + "name": "51a087d0-9c56-4047-9404-b4b7b37497b0:b4c59839-c76c-4634-ad1f-04870a39a7b1", "type": "index-pattern" }, { "id": "logs-*", - "name": "controlGroup_bcb03b9e-5278-4d66-a4da-762d41ec13cd:optionsListDataView", + "name": "51a087d0-9c56-4047-9404-b4b7b37497b0:b72103a9-fcc2-4435-808c-4f1ced14163e", "type": "index-pattern" }, { "id": "logs-*", - "name": "77e597be-8cdc-4fa3-9dee-4e4ed1103e55:indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d", + "name": "3c9e482b-4cd2-43e2-a1aa-5a6d66050c16:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", "type": "index-pattern" }, { "id": "logs-*", - "name": 
"77e597be-8cdc-4fa3-9dee-4e4ed1103e55:a27a9357-b353-46a3-9116-530f354b09b9", + "name": "e6cb0087-c5ba-49f2-8ae9-b206d2346609:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", "type": "index-pattern" }, { "id": "logs-*", - "name": "277a4af7-61c6-40d9-80a6-2d73df097618:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "name": "e6cb0087-c5ba-49f2-8ae9-b206d2346609:82707691-0a6e-4141-a447-a4949afde05e", "type": "index-pattern" }, { "id": "logs-*", - "name": "277a4af7-61c6-40d9-80a6-2d73df097618:ef2a4614-151f-42d0-8707-257d009298ea", + "name": "e6cb0087-c5ba-49f2-8ae9-b206d2346609:ebb37af2-6f6a-4163-8bc0-730dc706980e", "type": "index-pattern" }, { "id": "logs-*", - "name": "51a087d0-9c56-4047-9404-b4b7b37497b0:indexpattern-datasource-layer-cbc5557e-f6b9-4140-90b2-3100f33083c4", + "name": "e6cb0087-c5ba-49f2-8ae9-b206d2346609:efb8e7ed-a6ee-4430-aad5-fcc6dcbc4ab1", "type": "index-pattern" }, { "id": "logs-*", - "name": "51a087d0-9c56-4047-9404-b4b7b37497b0:d7c9ae82-adc1-4169-a1ac-2fea90204f25", + "name": "892ed6dd-afe7-4685-bebb-5f1a70b44692:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", "type": "index-pattern" }, { "id": "logs-*", - "name": "3c9e482b-4cd2-43e2-a1aa-5a6d66050c16:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "name": "429f2ded-1aca-42cd-9190-9afddb03eabf:indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", "type": "index-pattern" }, { "id": "logs-*", - "name": "3c9e482b-4cd2-43e2-a1aa-5a6d66050c16:b2d41cbe-238c-4c90-994d-d8e8f1668a44", + "name": "429f2ded-1aca-42cd-9190-9afddb03eabf:6478570c-21b8-419e-88ec-f5430727e67d", "type": "index-pattern" }, { "id": "logs-*", - "name": "3c9e482b-4cd2-43e2-a1aa-5a6d66050c16:d4cc48c0-fb83-4b1d-9c91-369a087165c4", + "name": "429f2ded-1aca-42cd-9190-9afddb03eabf:c4f14f66-1d6b-4b28-9310-c4f6bd1aae69", "type": "index-pattern" }, { "id": "logs-*", - "name": 
"e6cb0087-c5ba-49f2-8ae9-b206d2346609:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "name": "a7adc099-113f-4113-b592-24b5ceff484e:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", "type": "index-pattern" }, { "id": "logs-*", - "name": "e6cb0087-c5ba-49f2-8ae9-b206d2346609:9c0d6963-bc22-4d2d-9028-20e603d307e7", + "name": "a7adc099-113f-4113-b592-24b5ceff484e:aa689156-ebeb-462b-b8f7-ae6fa597a250", "type": "index-pattern" }, { "id": "logs-*", - "name": "e6cb0087-c5ba-49f2-8ae9-b206d2346609:dac33af7-8640-4326-8c95-afddf6194657", + "name": "a7adc099-113f-4113-b592-24b5ceff484e:eef2d1bb-8cb1-4d86-b987-9580ec987f27", "type": "index-pattern" }, { "id": "logs-*", - "name": "892ed6dd-afe7-4685-bebb-5f1a70b44692:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "name": "883397dd-0064-48f2-b257-c8ed4295b0b9:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", "type": "index-pattern" }, { "id": "logs-*", - "name": "892ed6dd-afe7-4685-bebb-5f1a70b44692:e9f91f71-3727-4bf1-9d0a-2742347e223f", + "name": "883397dd-0064-48f2-b257-c8ed4295b0b9:567fc10c-ce82-4b9c-a6d5-0981e9e41087", "type": "index-pattern" }, { "id": "logs-*", - "name": "892ed6dd-afe7-4685-bebb-5f1a70b44692:f34d1f77-a34c-4ac9-ab7a-6892d9505a80", + "name": "883397dd-0064-48f2-b257-c8ed4295b0b9:c5adbfcc-88bf-45df-b656-04896b48ed9a", "type": "index-pattern" }, { "id": "logs-*", - "name": "429f2ded-1aca-42cd-9190-9afddb03eabf:indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", + "name": "883397dd-0064-48f2-b257-c8ed4295b0b9:bfd462b5-9f2d-43a6-8452-eb1aef1b9765", "type": "index-pattern" }, { "id": "logs-*", - "name": "429f2ded-1aca-42cd-9190-9afddb03eabf:89debdad-d323-4640-918b-2c38d061e212", + "name": "d0ec4a50-b9da-4775-9f64-5389f898aee3:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", "type": "index-pattern" }, { "id": "logs-*", - "name": 
"a7adc099-113f-4113-b592-24b5ceff484e:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", + "name": "d0ec4a50-b9da-4775-9f64-5389f898aee3:6f786b20-f828-4ef4-b888-97f280ac8dc6", "type": "index-pattern" }, { "id": "logs-*", - "name": "a7adc099-113f-4113-b592-24b5ceff484e:11287d36-4d96-447c-b336-56ae03fcbc16", + "name": "d0ec4a50-b9da-4775-9f64-5389f898aee3:eb9a956f-1e94-48c2-9170-352ae07d0241", "type": "index-pattern" }, { "id": "logs-*", - "name": "883397dd-0064-48f2-b257-c8ed4295b0b9:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", + "name": "d0ec4a50-b9da-4775-9f64-5389f898aee3:5947d171-d241-4770-8342-4b28919970ca", "type": "index-pattern" }, { "id": "logs-*", - "name": "883397dd-0064-48f2-b257-c8ed4295b0b9:25c2db0c-d286-407e-9c0b-55252a2ad165", + "name": "7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8:indexpattern-datasource-layer-725aa594-f41c-4b3e-a6cf-8c115b602f57", "type": "index-pattern" }, { "id": "logs-*", - "name": "883397dd-0064-48f2-b257-c8ed4295b0b9:82cbb0d6-87ad-47e3-bed4-84e8d7f812d1", + "name": "7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8:1ac19e51-e199-42a7-828e-605917ab1e27", "type": "index-pattern" }, { "id": "logs-*", - "name": "d0ec4a50-b9da-4775-9f64-5389f898aee3:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", + "name": "7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8:2b87a91f-94c3-473c-8355-135532524691", "type": "index-pattern" }, { "id": "logs-*", - "name": "d0ec4a50-b9da-4775-9f64-5389f898aee3:acfd1c9a-be16-4275-ae7d-0ad42b060de0", + "name": "7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8:4e8c0fa0-90c0-4551-af33-76c6ccbf7efe", "type": "index-pattern" }, { "id": "logs-*", - "name": "d0ec4a50-b9da-4775-9f64-5389f898aee3:42fcf4b5-0905-4d97-baa9-c08a61bc3b7a", + "name": "991aa388-e5d6-469b-911a-1cbcd1b84417:indexpattern-datasource-layer-725aa594-f41c-4b3e-a6cf-8c115b602f57", "type": "index-pattern" }, { "id": "logs-*", - "name": 
"7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8:indexpattern-datasource-layer-725aa594-f41c-4b3e-a6cf-8c115b602f57", + "name": "991aa388-e5d6-469b-911a-1cbcd1b84417:62fa5cf0-5645-4953-91a7-4049d24dcf0e", "type": "index-pattern" }, { "id": "logs-*", - "name": "7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8:c26ebed6-b942-43ed-9f00-ccf3c5842f5f", + "name": "991aa388-e5d6-469b-911a-1cbcd1b84417:138b89f4-4c57-4f00-8330-6bdb0948c3e2", "type": "index-pattern" }, { "id": "logs-*", - "name": "7cccdf3a-7c20-4bb6-8adb-3b2d83c7a0b8:54bf50e3-8882-4a5e-a4ad-e4d684c3abaa", + "name": "991aa388-e5d6-469b-911a-1cbcd1b84417:698830c1-cb7c-4887-b8eb-ef9f26cfabed", "type": "index-pattern" }, { "id": "logs-*", - "name": "991aa388-e5d6-469b-911a-1cbcd1b84417:indexpattern-datasource-layer-725aa594-f41c-4b3e-a6cf-8c115b602f57", + "name": "36cee00b-70b3-4bb5-a4b3-2448061135f8:indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845", "type": "index-pattern" }, { "id": "logs-*", - "name": "991aa388-e5d6-469b-911a-1cbcd1b84417:ee8e512a-72ec-4ab7-9c01-8bc987dc2b42", + "name": "36cee00b-70b3-4bb5-a4b3-2448061135f8:14da57f1-2ea1-460e-8a76-54fa2a265d53", "type": "index-pattern" }, { "id": "logs-*", - "name": "991aa388-e5d6-469b-911a-1cbcd1b84417:94bf6c5a-a948-40c1-95a7-52d11ef68bad", + "name": "36cee00b-70b3-4bb5-a4b3-2448061135f8:59f0a3b7-7686-43fe-8a25-c86a7b4fed69", "type": "index-pattern" }, { 
@@ -2809,19 +3215,40 @@ }, { "id": "logs-*", - "name": "ff2747ad-ec9c-44a5-b8f9-9347be86c98b:8908ff94-5bd3-4a76-b219-1ba7128998c6", + "name": "ff2747ad-ec9c-44a5-b8f9-9347be86c98b:7be3a271-20b7-4016-a272-f9348f992bc6", "type": "index-pattern" }, { "id": "logs-*", - "name": "36cee00b-70b3-4bb5-a4b3-2448061135f8:indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845", + "name": "ff2747ad-ec9c-44a5-b8f9-9347be86c98b:608e4caa-5893-4834-b81d-f45535001da2", "type": "index-pattern" }, { "id": "logs-*", - "name": "36cee00b-70b3-4bb5-a4b3-2448061135f8:6a77e887-9ac6-4cc2-90b9-9013fb2bf30a", + "name": "controlGroup_54e33c68-ad08-412f-852a-f669391018b0:optionsListDataView", "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_66d2324e-be32-41be-b685-54ba2cc58c2b:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "controlGroup_9fd25971-d168-4a50-985f-9e1bb266c93e:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "github-security-solution-default", + "name": "tag-ref-github-security-solution-default", + "type": "tag" + }, + { + "id": "github-security-solution-default", + "name": "tag-ref-security-solution-default", + "type": "tag" } ], - "type": "dashboard" + "type": "dashboard", + "typeMigrationVersion": "8.9.0" } \ No newline at end of file diff --git a/packages/github/kibana/dashboard/github-6197be80-220c-11ed-88c4-e3caca48250a.json b/packages/github/kibana/dashboard/github-6197be80-220c-11ed-88c4-e3caca48250a.json index 1661ac30ed52..83c31394bd3b 100644 --- a/packages/github/kibana/dashboard/github-6197be80-220c-11ed-88c4-e3caca48250a.json +++ b/packages/github/kibana/dashboard/github-6197be80-220c-11ed-88c4-e3caca48250a.json 
@@ -3,8 +3,65 @@ "controlGroupInput": { "chainingSystem": "HIERARCHICAL", "controlStyle": "oneLine", - "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", - "panelsJSON": "{\"2132f9ab-9cce-423a-beed-e02e6d4d5ed9\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.state\",\"title\":\"State\",\"id\":\"2132f9ab-9cce-423a-beed-e02e6d4d5ed9\",\"enhancements\":{},\"selectedOptions\":[]}},\"2f1b6c0b-96fc-479a-b7ef-145c84df585e\":{\"order\":3,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.severity\",\"title\":\"Severity\",\"id\":\"2f1b6c0b-96fc-479a-b7ef-145c84df585e\",\"enhancements\":{},\"selectedOptions\":[]}},\"91415c25-696a-4928-92e3-2c578e14c7a3\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.owner.login\",\"title\":\"Owner/Organization\",\"id\":\"91415c25-696a-4928-92e3-2c578e14c7a3\",\"enhancements\":{}}},\"a1e7b5ed-b636-4db8-87e1-779863061f45\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.name\",\"title\":\"Repository\",\"id\":\"a1e7b5ed-b636-4db8-87e1-779863061f45\",\"enhancements\":{},\"selectedOptions\":[]}}}" + "ignoreParentSettingsJSON": { + "ignoreFilters": false, + "ignoreQuery": false, + "ignoreTimerange": false, + "ignoreValidations": false + }, + "panelsJSON": { + "2132f9ab-9cce-423a-beed-e02e6d4d5ed9": { + "explicitInput": { + "enhancements": {}, + "fieldName": "github.dependabot.state", + "id": "2132f9ab-9cce-423a-beed-e02e6d4d5ed9", + "searchTechnique": "prefix", + "title": "State" + }, + "grow": true, + "order": 2, + "type": "optionsListControl", + "width": "medium" + }, + "2f1b6c0b-96fc-479a-b7ef-145c84df585e": { + "explicitInput": { + "enhancements": {}, + 
"fieldName": "vulnerability.severity", + "id": "2f1b6c0b-96fc-479a-b7ef-145c84df585e", + "searchTechnique": "prefix", + "title": "Severity" + }, + "grow": true, + "order": 3, + "type": "optionsListControl", + "width": "medium" + }, + "91415c25-696a-4928-92e3-2c578e14c7a3": { + "explicitInput": { + "enhancements": {}, + "fieldName": "github.repository.owner.login", + "id": "91415c25-696a-4928-92e3-2c578e14c7a3", + "title": "Owner/Organization" + }, + "grow": true, + "order": 0, + "type": "optionsListControl", + "width": "medium" + }, + "a1e7b5ed-b636-4db8-87e1-779863061f45": { + "explicitInput": { + "enhancements": {}, + "fieldName": "github.repository.name", + "id": "a1e7b5ed-b636-4db8-87e1-779863061f45", + "selectedOptions": [], + "title": "Repository" + }, + "grow": true, + "order": 1, + "type": "optionsListControl", + "width": "medium" + } + } }, "description": "", "kibanaSavedObjectMeta": { @@ -18,25 +75,51 @@ "alias": "Dependabot", "disabled": false, "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "event.action", "negate": false, "params": [ - "dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { + { + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "logs-*", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.dependabot" + }, + "type": "phrase" + }, + "query": { "match_phrase": { - "event.action": "dependabot" + "data_stream.dataset": "github.dependabot" } } - ] - } - } + }, + { + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "logs-*", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } + } + ], + "relation": "AND", + "type": "combined" + }, + "query": {} } ], "query": { 
@@ -53,6 +136,43 @@ "useMargins": true }, "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "fontSize": 12, + "markdown": "**Navigation**\n\n**Github** \n\n- **Audit**\n - [Audit Log Activity](#/dashboard/github-dcee84c0-2059-11ec-8b10-11a4c5e322a0)\n - [User Change Audit](#/dashboard/github-8bfd8310-205c-11ec-8b10-11a4c5e322a0)\n- **Github Advanced Security**\n - [Advanced Security Overview](#/dashboard/github-6a6d7c40-17ab-11ed-809a-7b4be950fe9c)\n - [Code Scanning](#/dashboard/github-4da91aa0-12fc-11ed-af77-016e1a977d80)\n - [Secret Scanning](#/dashboard/github-591d69e0-17b6-11ed-809a-7b4be950fe9c)\n - [**Dependabot (This Page)**](#/dashboard/github-6197be80-220c-11ed-88c4-e3caca48250a)\n- [Issues](#/dashboard/github-f0104680-ae18-11ed-83fa-df5d96a45724)\n\n**Overview**\nThis dashboard provides an overview of the alerts ingested from Github Code Scanning.\n\nThe dashboard provides details on code scanning alerts that are open and resolved. It deep-dives into the top 10 repositories where code scanning alerts are found. It also calculates the mean-time to resolve (or dismiss) an open code scanning alert. The dashboard presents a view of alerts by severity and code scanning rules defining the alerts. Finally, it gives a layout of top users resolving the code scanning alerts.\n\n[**Integrations Page**](/app/integrations/detail/github/overview)", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + } + }, + "gridData": { + "h": 29, + "i": "1071c906-b782-4bc2-a984-242659dd27a5", + "w": 10, + "x": 0, + "y": 0 + }, + "panelIndex": "1071c906-b782-4bc2-a984-242659dd27a5", + "title": "Table of Contents", + "type": "visualization" + }, { "embeddableConfig": { "attributes": { 
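Review bot: The Overview text in the added markdown panel describes the wrong data source: this is the Dependabot dashboard (the navigation entry marks "Dependabot (This Page)"), yet the paragraph says `alerts ingested from Github Code Scanning` and goes on to talk about code scanning alerts and code scanning rules. An analyst reading the panel would be told the figures come from a different alert feed than the `github.dependabot` dataset the filters select. The paragraph should be rewritten for Dependabot, starting with `This dashboard provides an overview of the alerts ingested from GitHub Dependabot.` The same string also spells the product as "Github" in several places, which the README part of this commit corrects to "GitHub".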
@@ -65,11 +185,17 @@ }, { "id": "logs-*", - "name": "85aacdea-d37b-4e6a-ae32-81077ddccb60", + "name": "3e659cd4-b937-4355-8c5b-8432bb409130", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "545cf931-5e16-4676-b420-6f2ff87509a5", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -104,13 +230,16 @@ "meta": { "alias": null, "disabled": false, - "index": "85aacdea-d37b-4e6a-ae32-81077ddccb60", + "index": "3e659cd4-b937-4355-8c5b-8432bb409130", "key": "data_stream.dataset", "negate": false, "params": [ "github.dependabot" ], - "type": "phrases" + "type": "phrases", + "value": [ + "github.dependabot" + ] }, "query": { "bool": { @@ -124,35 +253,57 @@ ] } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "545cf931-5e16-4676-b420-6f2ff87509a5", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" }, "visualization": { - "accessor": "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212", + "color": "#6092C0", "layerId": "3f8b858f-a1ee-4d69-a100-d59282acd94d", "layerType": "data", - "textAlign": "center", - "titlePosition": "top" + "metricAccessor": "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212" } }, "title": "Total Alerts Created [GitHub Dependabot]", - "visualizationType": "lnsLegacyMetric" + "type": "lens", + "visualizationType": "lnsMetric" }, "enhancements": {} }, "gridData": { "h": 5, "i": "a7d99fc1-400a-4e55-8bbb-76d9aad7eedc", - "w": 14, - "x": 0, + "w": 11, + "x": 10, "y": 0 }, "panelIndex": "a7d99fc1-400a-4e55-8bbb-76d9aad7eedc", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { 
@@ -166,11 +317,17 @@ }, { "id": "logs-*", - "name": "a849fd8c-6f48-4f51-9f6f-ab6e7862171c", + "name": "831d0cdc-6df9-48ce-be06-92e1fecddfe7", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "96282068-4ea5-481c-8641-ad0b79c42e38", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -195,7 +352,7 @@ "decimals": 2 } }, - "formula": "count()/count(kql='github.state:dismissed')", + "formula": "count()/count(kql='NOT github.dependabot.state:open')", "isFormulaBroken": false }, "references": [ @@ -207,7 +364,7 @@ "customLabel": true, "dataType": "number", "isBucketed": false, - "label": "Part of Resolved/Dismissed Alerts", + "label": "Part of Alerts Found/Fixed Ratio", "operationType": "count", "params": { "emptyAsNull": false @@ -220,10 +377,10 @@ "dataType": "number", "filter": { "language": "kuery", - "query": "github.state:dismissed" + "query": "NOT github.dependabot.state:open" }, "isBucketed": false, - "label": "Part of Resolved/Dismissed Alerts", + "label": "Part of Alerts Found/Fixed Ratio", "operationType": "count", "params": { "emptyAsNull": false @@ -235,7 +392,7 @@ "customLabel": true, "dataType": "number", "isBucketed": false, - "label": "Part of Resolved/Dismissed Alerts", + "label": "Part of Alerts Found/Fixed Ratio", "operationType": "math", "params": { "tinymathAst": { @@ -244,11 +401,11 @@ "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1" ], "location": { - "max": 43, + "max": 53, "min": 0 }, "name": "divide", - "text": "count()/count(kql='github.state:dismissed')", + "text": "count()/count(kql='NOT github.dependabot.state:open')", "type": "function" } }, 
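Review bot: The metric is labelled "Alerts Found/Fixed Ratio", but the new denominator `count(kql='NOT github.dependabot.state:open')` counts every alert that is not open, which presumably includes dismissed alerts as well as fixed ones. A repository where alerts are dismissed rather than remediated would show the same ratio as one where they are fixed, which is the distinction this panel is meant to surface. If the field carries GitHub's `fixed` state, `count()/count(kql='github.dependabot.state:fixed')` would match the label; otherwise the label should say resolved or dismissed. The same query string is repeated in the column `filter` and in the `tinymathAst` `text` and `location` of the later hunks on this line, so all of them need to change together.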
@@ -272,13 +429,16 @@ "meta": { "alias": null, "disabled": false, - "index": "a849fd8c-6f48-4f51-9f6f-ab6e7862171c", + "index": "831d0cdc-6df9-48ce-be06-92e1fecddfe7", "key": "data_stream.dataset", "negate": false, "params": [ "github.dependabot" ], - "type": "phrases" + "type": "phrases", + "value": [ + "github.dependabot" + ] }, "query": { "bool": { @@ -292,22 +452,45 @@ ] } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "96282068-4ea5-481c-8641-ad0b79c42e38", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" }, "visualization": { - "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "colorMode": "None", + "color": "#6092C0", "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", "layerType": "data", - "textAlign": "center" + "metricAccessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e" } }, "title": "Alerts Found/Fixed Ratio [GitHub Dependabot]", - "visualizationType": "lnsLegacyMetric" + "type": "lens", + "visualizationType": "lnsMetric" }, "enhancements": {}, "hidePanelTitles": false @@ -315,13 +498,12 @@ "gridData": { "h": 8, "i": "85cbbb74-4d3c-44e0-98f6-be076e31aea3", - "w": 14, - "x": 14, + "w": 11, + "x": 21, "y": 0 }, "panelIndex": "85cbbb74-4d3c-44e0-98f6-be076e31aea3", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { @@ -335,11 +517,17 @@ }, { "id": "logs-*", - "name": "ee0d69d7-f2ce-4a24-aaae-9d8934f3368e", + "name": "a3c8212e-008b-4776-8e77-67c85e706583", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b78bb6b2-ff55-4127-9550-aca97f5ea305", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { 
@@ -370,7 +558,7 @@ "size": 10 }, "scale": "ordinal", - "sourceField": "github.state" + "sourceField": "github.dependabot.state" }, "4525c4ae-5f82-4b4d-9867-48e4aba462fd": { "dataType": "number", @@ -397,7 +585,7 @@ "meta": { "alias": null, "disabled": false, - "index": "ee0d69d7-f2ce-4a24-aaae-9d8934f3368e", + "index": "a3c8212e-008b-4776-8e77-67c85e706583", "key": "data_stream.dataset", "negate": false, "params": { @@ -410,8 +598,31 @@ "data_stream.dataset": "github.dependabot" } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "b78bb6b2-ff55-4127-9550-aca97f5ea305", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -444,20 +655,20 @@ } }, "title": "Open vs Resolved/Dismissed [GitHub Dependabot]", + "type": "lens", "visualizationType": "lnsPie" }, "enhancements": {} }, "gridData": { - "h": 15, + "h": 16, "i": "1b501988-f932-4d80-8625-d2a1c8cd7321", - "w": 20, - "x": 28, + "w": 16, + "x": 32, "y": 0 }, "panelIndex": "1b501988-f932-4d80-8625-d2a1c8cd7321", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { @@ -471,16 +682,17 @@ }, { "id": "logs-*", - "name": "9e8fb4bd-1d35-4c80-80cc-d52bef7f7771", + "name": "6568da5b-d430-4440-baed-7f16226e190b", "type": "index-pattern" }, { "id": "logs-*", - "name": "bbb4d277-741b-49c1-bc79-77a6ee15e94d", + "name": "acc71999-52b6-4799-a900-f1bd3d50a0df", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { 
@@ -521,24 +733,40 @@ "meta": { "alias": null, "disabled": false, - "index": "9e8fb4bd-1d35-4c80-80cc-d52bef7f7771", - "key": "data_stream.dataset", + "field": "github.dependabot.state", + "index": "6568da5b-d430-4440-baed-7f16226e190b", + "key": "github.dependabot.state", "negate": false, - "params": [ - "github.dependabot" - ], - "type": "phrases" + "params": { + "query": "open" + }, + "type": "phrase" }, "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - ] + "match_phrase": { + "github.dependabot.state": "open" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "acc71999-52b6-4799-a900-f1bd3d50a0df", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" } } }, @@ -549,11 +777,11 @@ "meta": { "alias": null, "disabled": false, - "index": "bbb4d277-741b-49c1-bc79-77a6ee15e94d", - "key": "github.state", + "index": "5340db60-b785-4794-8e92-9807eb63e84f", + "key": "data_stream.dataset", "negate": false, "params": [ - "open" + "github.dependabot" ], "type": "phrases" }, @@ -563,7 +791,7 @@ "should": [ { "match_phrase": { - "github.state": "open" + "data_stream.dataset": "github.dependabot" } } ] 
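Review bot: The `data_stream.dataset` filter at -549,11 +777,11 now points at `"index": "5340db60-b785-4794-8e92-9807eb63e84f"`, but no reference with that name is declared. The panel's own `references` (hunk -471,16 +682,17) and the top-level list for panel `12c18b92-…` (hunk -2281,52 +2718,52) name only `6568da5b-…` and `acc71999-…`. The same gap shows for `362b16a4-1e55-419c-b507-aaec968d1598` (-720,24 +886,39), `473949e3-40f8-4d9c-88b5-faf5a3ddbcdd` (-748,91 +929,47) and `7196f033-fe4d-41cb-b3c7-4c45300d6a68` (-911,48 +1094,56). Presumably Kibana resolves `meta.index` through these names, so an undeclared one may leave the filter without a data view. Each needs an entry such as `{"id": "logs-*", "name": "5340db60-b785-4794-8e92-9807eb63e84f", "type": "index-pattern"}` in the panel references plus the `<panelIndex>:`-prefixed twin at the top level, or the dashboard should be re-exported so the ids line up.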
@@ -571,76 +799,33 @@ } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" }, "visualization": { - "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "colorMode": "Labels", + "color": "#E7664C", "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", "layerType": "data", - "palette": { - "name": "custom", - "params": { - "colorStops": [ - { - "color": "#209280", - "stop": 0 - }, - { - "color": "#d6bf57", - "stop": 1 - }, - { - "color": "#cc5642", - "stop": 1000 - } - ], - "continuity": "above", - "maxSteps": 5, - "name": "custom", - "progression": "fixed", - "rangeMax": null, - "rangeMin": 0, - "rangeType": "number", - "reverse": false, - "steps": 3, - "stops": [ - { - "color": "#209280", - "stop": 1 - }, - { - "color": "#d6bf57", - "stop": 1000 - }, - { - "color": "#cc5642", - "stop": 1001 - } - ] - }, - "type": "palette" - }, - "textAlign": "center" + "metricAccessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e" } }, "title": "Open Alerts Count [GitHub Dependabot]", - "visualizationType": "lnsLegacyMetric" + "type": "lens", + "visualizationType": "lnsMetric" }, "enhancements": {} }, "gridData": { - "h": 5, + "h": 6, "i": "12c18b92-9f7b-4832-b85f-aad64720ea87", - "w": 14, - "x": 0, + "w": 11, + "x": 10, "y": 5 }, "panelIndex": "12c18b92-9f7b-4832-b85f-aad64720ea87", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { 
@@ -654,57 +839,38 @@ }, { "id": "logs-*", - "name": "7196f033-fe4d-41cb-b3c7-4c45300d6a68", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "8977fa6e-37e6-4a2b-a032-d181646ef8cf", + "name": "ba3b2182-40be-49a0-b334-ed6ee28c0fdc", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { "columnOrder": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" + "e33d2853-5b3d-4be9-9312-2d8da64d9523" ], "columns": { - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { + "e33d2853-5b3d-4be9-9312-2d8da64d9523": { "customLabel": true, "dataType": "number", "isBucketed": false, - "label": "Resolved/Dismissed Alerts", - "operationType": "formula", + "label": "Mean time to resolve an alert", + "operationType": "average", "params": { + "emptyAsNull": true, "format": { - "id": "number", + "id": "duration", "params": { - "decimals": 0 + "decimals": 0, + "fromUnit": "nanoseconds" } - }, - "formula": "count()", - "isFormulaBroken": false - }, - "references": [ - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" - ], - "scale": "ratio" - }, - "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Dismissed Alerts", - "operationType": "count", - "params": { - "emptyAsNull": false + } }, "scale": "ratio", - "sourceField": "___records___" + "sourceField": "event.duration" } }, "incompleteColumns": {} 
@@ -720,24 +886,39 @@ "meta": { "alias": null, "disabled": false, - "index": "7196f033-fe4d-41cb-b3c7-4c45300d6a68", + "field": "labels.is_transform_source", + "index": "ba3b2182-40be-49a0-b334-ed6ee28c0fdc", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "362b16a4-1e55-419c-b507-aaec968d1598", "key": "data_stream.dataset", "negate": false, - "params": [ - "github.dependabot" - ], - "type": "phrases" + "params": { + "query": "github.dependabot" + }, + "type": "phrase" }, "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - ] + "match_phrase": { + "data_stream.dataset": "github.dependabot" } } }, 
@@ -748,91 +929,47 @@ "meta": { "alias": null, "disabled": false, - "index": "8977fa6e-37e6-4a2b-a032-d181646ef8cf", - "key": "github.state", + "index": "473949e3-40f8-4d9c-88b5-faf5a3ddbcdd", + "key": "event.duration", "negate": false, - "params": [ - "dismissed", - "resolved" - ], - "type": "phrases" + "type": "exists" }, "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "github.state": "dismissed" - } - }, - { - "match_phrase": { - "github.state": "resolved" - } - } - ] + "exists": { + "field": "event.duration" } } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" }, "visualization": { - "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "colorMode": "Labels", + "color": "#6092C0", "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", "layerType": "data", - "palette": { - "name": "positive", - "params": { - "continuity": "above", - "maxSteps": 5, - "name": "positive", - "progression": "fixed", - "rangeMax": null, - "rangeMin": 0, - "rangeType": "number", - "reverse": false, - "steps": 3, - "stops": [ - { - "color": "#bbdad3", - "stop": 0 - }, - { - "color": "#77b6a8", - "stop": 8 - }, - { - "color": "#209280", - "stop": 16 - } - ] - }, - "type": "palette" - }, - "textAlign": "center" + "metricAccessor": "e33d2853-5b3d-4be9-9312-2d8da64d9523" } }, - "title": "Resolved/Dismissed Alerts Count [GitHub Dependabot]", - "visualizationType": "lnsLegacyMetric" + "title": "Mean Time to Resolution [GitHub Dependabot]", + "type": "lens", + "visualizationType": "lnsMetric" }, "enhancements": {}, "hidePanelTitles": false }, "gridData": { - "h": 5, - "i": "c3e8ea64-b6f9-470c-9004-02f8909672eb", - "w": 14, - "x": 0, - "y": 10 + "h": 8, + "i": "7131e4d3-c168-480d-9496-1463ceaaa97a", + "w": 11, + "x": 21, + "y": 8 }, - "panelIndex": "c3e8ea64-b6f9-470c-9004-02f8909672eb", - "type": "lens", - "version": "8.7.1" + "panelIndex": "7131e4d3-c168-480d-9496-1463ceaaa97a", + "title": "Mean Time To Resolution [GitHub 
Dependabot]", + "type": "lens" }, { "embeddableConfig": { @@ -846,35 +983,58 @@ }, { "id": "logs-*", - "name": "03a792fe-87d1-4d81-8a7c-0c9d22b41a1b", + "name": "aa75b36e-4cb3-44e0-87a2-facf1b53b686", "type": "index-pattern" }, { "id": "logs-*", - "name": "006ef10a-8064-4e48-8ff1-413c550d6204", + "name": "e9c2e4d3-e49d-42a9-b968-73c1125c765c", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { "columnOrder": [ - "e33d2853-5b3d-4be9-9312-2d8da64d9523" + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" ], "columns": { - "e33d2853-5b3d-4be9-9312-2d8da64d9523": { + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e": { "customLabel": true, "dataType": "number", "isBucketed": false, - "label": "Mean time to resolve an alert", - "operationType": "average", + "label": "Resolved/Dismissed Alerts", + "operationType": "formula", "params": { - "emptyAsNull": true + "format": { + "id": "number", + "params": { + "decimals": 0 + } + }, + "formula": "count()", + "isFormulaBroken": false + }, + "references": [ + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0" + ], + "scale": "ratio" + }, + "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Resolved/Dismissed Alerts", + "operationType": "count", + "params": { + "emptyAsNull": false }, "scale": "ratio", - "sourceField": "event.duration" + "sourceField": "___records___" } }, "incompleteColumns": {} 
@@ -890,17 +1050,40 @@ "meta": { "alias": null, "disabled": false, - "index": "03a792fe-87d1-4d81-8a7c-0c9d22b41a1b", - "key": "data_stream.dataset", + "field": "github.dependabot.state", + "index": "aa75b36e-4cb3-44e0-87a2-facf1b53b686", + "key": "github.dependabot.state", + "negate": true, + "params": { + "query": "open" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "github.dependabot.state": "open" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "e9c2e4d3-e49d-42a9-b968-73c1125c765c", + "key": "labels.is_transform_source", "negate": false, "params": { - "query": "github.dependabot" + "query": "false" }, "type": "phrase" }, "query": { "match_phrase": { - "data_stream.dataset": "github.dependabot" + "labels.is_transform_source": "false" } } }, 
@@ -911,48 +1094,56 @@ "meta": { "alias": null, "disabled": false, - "index": "006ef10a-8064-4e48-8ff1-413c550d6204", - "key": "event.duration", + "index": "7196f033-fe4d-41cb-b3c7-4c45300d6a68", + "key": "data_stream.dataset", "negate": false, - "type": "exists", - "value": "exists" + "params": [ + "github.dependabot" + ], + "type": "phrases" }, "query": { - "exists": { - "field": "event.duration" + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.dependabot" + } + } + ] } } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" }, "visualization": { - "accessor": "e33d2853-5b3d-4be9-9312-2d8da64d9523", - "colorMode": "None", + "color": "#54B399", "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", "layerType": "data", - "textAlign": "center" + "metricAccessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e" } }, - "title": "Mean Time to Resolution [GitHub Dependabot]", - "visualizationType": "lnsLegacyMetric" + "title": "Resolved/Dismissed Alerts Count [GitHub Dependabot]", + "type": "lens", + "visualizationType": "lnsMetric" }, "enhancements": {}, "hidePanelTitles": false }, "gridData": { - "h": 7, - "i": "7131e4d3-c168-480d-9496-1463ceaaa97a", - "w": 14, - "x": 14, - "y": 8 + "h": 5, + "i": "c3e8ea64-b6f9-470c-9004-02f8909672eb", + "w": 11, + "x": 10, + "y": 11 }, - "panelIndex": "7131e4d3-c168-480d-9496-1463ceaaa97a", - "title": "Mean Time To Resolution [GitHub Dependabot]", - "type": "lens", - "version": "8.7.1" + "panelIndex": "c3e8ea64-b6f9-470c-9004-02f8909672eb", + "type": "lens" }, { "embeddableConfig": { @@ -966,11 +1157,17 @@ }, { "id": "logs-*", - "name": "d3e8e716-b6e8-4db6-8948-87e49827aebb", + "name": "aaa9b39a-6a8f-4a6b-b816-574c85664042", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f81b9908-5e3d-4888-9b6a-cd769692eedf", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { 
@@ -1069,13 +1266,16 @@ "meta": { "alias": null, "disabled": false, - "index": "d3e8e716-b6e8-4db6-8948-87e49827aebb", + "index": "aaa9b39a-6a8f-4a6b-b816-574c85664042", "key": "data_stream.dataset", "negate": false, "params": [ "github.dependabot" ], - "type": "phrases" + "type": "phrases", + "value": [ + "github.dependabot" + ] }, "query": { "bool": { @@ -1089,8 +1289,31 @@ ] } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "f81b9908-5e3d-4888-9b6a-cd769692eedf", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -1145,20 +1368,20 @@ } }, "title": "Alerts count by owner and by repository [GitHub Dependabot]", + "type": "lens", "visualizationType": "lnsXY" }, "enhancements": {} }, "gridData": { - "h": 12, + "h": 13, "i": "9a3577e8-d452-46cc-b2dd-9424ec80c871", - "w": 25, - "x": 0, - "y": 15 + "w": 19, + "x": 10, + "y": 16 }, "panelIndex": "9a3577e8-d452-46cc-b2dd-9424ec80c871", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { @@ -1172,11 +1395,17 @@ }, { "id": "logs-*", - "name": "badbb3b4-d90f-44b5-bf22-2e47716a3e09", + "name": "09402439-6a6f-40e2-a771-c8d8b21c2055", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9f8424f3-a5fa-49a0-865c-044c81396a9b", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { 
@@ -1255,13 +1484,16 @@ "meta": { "alias": null, "disabled": false, - "index": "badbb3b4-d90f-44b5-bf22-2e47716a3e09", + "index": "09402439-6a6f-40e2-a771-c8d8b21c2055", "key": "data_stream.dataset", "negate": false, "params": [ "github.dependabot" ], - "type": "phrases" + "type": "phrases", + "value": [ + "github.dependabot" + ] }, "query": { "bool": { @@ -1275,8 +1507,31 @@ ] } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "9f8424f3-a5fa-49a0-865c-044c81396a9b", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -1303,21 +1558,21 @@ } }, "title": "Aerts % by owner and by repository [GitHub Dependabot]", + "type": "lens", "visualizationType": "lnsPie" }, "enhancements": {}, "hidePanelTitles": false }, "gridData": { - "h": 12, + "h": 13, "i": "ae814e70-2e8e-43df-b62e-e32d1c26f676", - "w": 23, - "x": 25, - "y": 15 + "w": 19, + "x": 29, + "y": 16 }, "panelIndex": "ae814e70-2e8e-43df-b62e-e32d1c26f676", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { @@ -1331,11 +1586,17 @@ }, { "id": "logs-*", - "name": "fc66a292-57a3-4510-b6f8-681eeb768e10", + "name": "a91d9706-bd6c-4a0d-ac4a-328fe104f1e2", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "218ae079-502d-4aff-b571-9496ae8a1fd8", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -1378,7 +1639,7 @@ "size": 10 }, "scale": "ordinal", - "sourceField": "github.severity" + "sourceField": "vulnerability.severity" } }, "incompleteColumns": {} 
@@ -1394,7 +1655,7 @@ "meta": { "alias": null, "disabled": false, - "index": "fc66a292-57a3-4510-b6f8-681eeb768e10", + "index": "a91d9706-bd6c-4a0d-ac4a-328fe104f1e2", "key": "data_stream.dataset", "negate": false, "params": { @@ -1407,8 +1668,31 @@ "data_stream.dataset": "github.dependabot" } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "218ae079-502d-4aff-b571-9496ae8a1fd8", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -1463,6 +1747,7 @@ } }, "title": "Alert Severity Count [GitHub Dependabot]", + "type": "lens", "visualizationType": "lnsXY" }, "enhancements": {}, @@ -1473,11 +1758,10 @@ "i": "9653b170-7606-461f-9ac4-bf58547f30db", "w": 14, "x": 0, - "y": 27 + "y": 29 }, "panelIndex": "9653b170-7606-461f-9ac4-bf58547f30db", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { @@ -1491,11 +1775,17 @@ }, { "id": "logs-*", - "name": "d7218e2e-18ae-4710-8364-1a4cbfee519c", + "name": "7a551ce1-a513-4b7d-9b05-c6f5759520bd", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d35fd96c-09e5-4437-927b-3eb00114f6bf", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -1538,7 +1828,7 @@ "size": 10 }, "scale": "ordinal", - "sourceField": "github.severity" + "sourceField": "vulnerability.severity" } }, "incompleteColumns": {} @@ -1554,7 +1844,7 @@ "meta": { "alias": null, "disabled": false, - "index": "d7218e2e-18ae-4710-8364-1a4cbfee519c", + "index": "7a551ce1-a513-4b7d-9b05-c6f5759520bd", "key": "data_stream.dataset", "negate": false, "params": { 
@@ -1567,8 +1857,31 @@ "data_stream.dataset": "github.dependabot" } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "d35fd96c-09e5-4437-927b-3eb00114f6bf", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -1600,6 +1913,7 @@ } }, "title": "Alert Severity % [GitHub Dependabot]", + "type": "lens", "visualizationType": "lnsPie" }, "enhancements": {}, @@ -1610,11 +1924,10 @@ "i": "563a073c-7de0-4095-b0ac-127caed562f2", "w": 11, "x": 14, - "y": 27 + "y": 29 }, "panelIndex": "563a073c-7de0-4095-b0ac-127caed562f2", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { @@ -1628,11 +1941,17 @@ }, { "id": "logs-*", - "name": "1f3f8544-c39b-4384-985e-d45107d279fb", + "name": "e62929c8-108c-4049-99bf-dada47a2f0d4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "81a476e1-7947-4c03-af9b-8913988b2f22", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -1646,7 +1965,7 @@ "00866684-5176-499e-9517-eff9e9102155": { "dataType": "string", "isBucketed": true, - "label": "Top 10 values of github.severity", + "label": "Top 10 values of vulnerability.severity", "operationType": "terms", "params": { "missingBucket": false, @@ -1663,7 +1982,7 @@ "size": 10 }, "scale": "ordinal", - "sourceField": "github.severity" + "sourceField": "vulnerability.severity" }, "257a7d8d-1315-4775-97d9-e679c0f3aa79": { "dataType": "date", @@ -1704,7 +2023,7 @@ "meta": { "alias": null, "disabled": false, - "index": "1f3f8544-c39b-4384-985e-d45107d279fb", + "index": "e62929c8-108c-4049-99bf-dada47a2f0d4", "key": "data_stream.dataset", "negate": false, "params": { 
@@ -1717,8 +2036,31 @@ "data_stream.dataset": "github.dependabot" } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "81a476e1-7947-4c03-af9b-8913988b2f22", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -1773,6 +2115,7 @@ } }, "title": "Daily Alerts Count by Severity [GitHub Dependabot]", + "type": "lens", "visualizationType": "lnsXY" }, "enhancements": {}, @@ -1783,11 +2126,10 @@ "i": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5", "w": 23, "x": 25, - "y": 27 + "y": 29 }, "panelIndex": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { @@ -1801,11 +2143,17 @@ }, { "id": "logs-*", - "name": "09303186-e13c-4afb-b6f1-bf3eeb7d1423", + "name": "de154474-03fd-496a-a6a4-c73003a22f17", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3dfa2299-bde5-4c7e-ac0d-41f14400e796", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -1864,7 +2212,7 @@ "meta": { "alias": null, "disabled": false, - "index": "09303186-e13c-4afb-b6f1-bf3eeb7d1423", + "index": "de154474-03fd-496a-a6a4-c73003a22f17", "key": "data_stream.dataset", "negate": false, "params": { 
@@ -1877,8 +2225,31 @@ "data_stream.dataset": "github.dependabot" } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "3dfa2299-bde5-4c7e-ac0d-41f14400e796", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -1929,6 +2300,7 @@ } }, "title": "Top files [GitHub Dependabot]", + "type": "lens", "visualizationType": "lnsXY" }, "enhancements": {} @@ -1938,11 +2310,10 @@ "i": "41578b87-d820-42df-92d5-69af2643d793", "w": 36, "x": 0, - "y": 40 + "y": 42 }, "panelIndex": "41578b87-d820-42df-92d5-69af2643d793", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { @@ -1956,11 +2327,17 @@ }, { "id": "logs-*", - "name": "2074f8e1-7a11-4232-9ac4-09bfe773beb8", + "name": "245fc98b-9152-40d9-ba26-2b8de94ecc25", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "fe7d52e1-c9ef-4b7d-b51d-226eb271ba08", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -2019,7 +2396,7 @@ "meta": { "alias": null, "disabled": false, - "index": "2074f8e1-7a11-4232-9ac4-09bfe773beb8", + "index": "245fc98b-9152-40d9-ba26-2b8de94ecc25", "key": "data_stream.dataset", "negate": false, "params": { 
@@ -2032,8 +2409,31 @@ "data_stream.dataset": "github.dependabot" } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "fe7d52e1-c9ef-4b7d-b51d-226eb271ba08", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -2080,6 +2480,7 @@ } }, "title": "Top users dismissing alerts [GitHub Dependabot]", + "type": "lens", "visualizationType": "lnsXY" }, "enhancements": {} @@ -2089,11 +2490,10 @@ "i": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b", "w": 12, "x": 36, - "y": 40 + "y": 42 }, "panelIndex": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { @@ -2107,11 +2507,17 @@ }, { "id": "logs-*", - "name": "349014a7-1097-4c4b-9805-13b39d46d0bd", + "name": "ddb3d3fe-dcd6-4570-877c-8deff8952d6e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "657d81ad-336b-43c2-ab28-1c55eceaba84", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -2159,7 +2565,7 @@ "meta": { "alias": null, "disabled": false, - "index": "349014a7-1097-4c4b-9805-13b39d46d0bd", + "index": "ddb3d3fe-dcd6-4570-877c-8deff8952d6e", "key": "data_stream.dataset", "negate": false, "params": { 
@@ -2172,8 +2578,31 @@ "data_stream.dataset": "github.dependabot" } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "657d81ad-336b-43c2-ab28-1c55eceaba84", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -2222,6 +2651,7 @@ } }, "title": "Events Timeline [GitHub Dependabot]", + "type": "lens", "visualizationType": "lnsXY" }, "enhancements": {} @@ -2231,23 +2661,20 @@ "i": "12673c47-9148-47a4-a8ab-07a7f06304c7", "w": 48, "x": 0, - "y": 55 + "y": 57 }, "panelIndex": "12673c47-9148-47a4-a8ab-07a7f06304c7", - "type": "lens", - "version": "8.7.1" + "type": "lens" } ], "timeRestore": false, "title": "[GitHub] Dependabot Alerts", "version": 1 }, - "coreMigrationVersion": "8.7.1", - "created_at": "2023-07-10T01:36:35.072Z", + "coreMigrationVersion": "8.8.0", + "created_at": "2024-10-28T13:02:13.548Z", "id": "github-6197be80-220c-11ed-88c4-e3caca48250a", - "migrationVersion": { - "dashboard": "8.7.0" - }, + "managed": false, "references": [ { "id": "logs-*", @@ -2261,7 +2688,12 @@ }, { "id": "logs-*", - "name": "a7d99fc1-400a-4e55-8bbb-76d9aad7eedc:85aacdea-d37b-4e6a-ae32-81077ddccb60", + "name": "a7d99fc1-400a-4e55-8bbb-76d9aad7eedc:3e659cd4-b937-4355-8c5b-8432bb409130", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a7d99fc1-400a-4e55-8bbb-76d9aad7eedc:545cf931-5e16-4676-b420-6f2ff87509a5", "type": "index-pattern" }, { 
@@ -2271,7 +2703,12 @@ }, { "id": "logs-*", - "name": "85cbbb74-4d3c-44e0-98f6-be076e31aea3:a849fd8c-6f48-4f51-9f6f-ab6e7862171c", + "name": "85cbbb74-4d3c-44e0-98f6-be076e31aea3:831d0cdc-6df9-48ce-be06-92e1fecddfe7", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "85cbbb74-4d3c-44e0-98f6-be076e31aea3:96282068-4ea5-481c-8641-ad0b79c42e38", "type": "index-pattern" }, { 
@@ -2281,52 +2718,52 @@ }, { "id": "logs-*", - "name": "1b501988-f932-4d80-8625-d2a1c8cd7321:ee0d69d7-f2ce-4a24-aaae-9d8934f3368e", + "name": "1b501988-f932-4d80-8625-d2a1c8cd7321:a3c8212e-008b-4776-8e77-67c85e706583", "type": "index-pattern" }, { "id": "logs-*", - "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "name": "1b501988-f932-4d80-8625-d2a1c8cd7321:b78bb6b2-ff55-4127-9550-aca97f5ea305", "type": "index-pattern" }, { "id": "logs-*", - "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:9e8fb4bd-1d35-4c80-80cc-d52bef7f7771", + "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", "type": "index-pattern" }, { "id": "logs-*", - "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:bbb4d277-741b-49c1-bc79-77a6ee15e94d", + "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:6568da5b-d430-4440-baed-7f16226e190b", "type": "index-pattern" }, { "id": "logs-*", - "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:acc71999-52b6-4799-a900-f1bd3d50a0df", "type": "index-pattern" }, { "id": "logs-*", - "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:7196f033-fe4d-41cb-b3c7-4c45300d6a68", + "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", "type": "index-pattern" }, { "id": "logs-*", - "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:8977fa6e-37e6-4a2b-a032-d181646ef8cf", + "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:ba3b2182-40be-49a0-b334-ed6ee28c0fdc", "type": "index-pattern" }, { "id": "logs-*", - "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", "type": "index-pattern" }, { "id": "logs-*", - "name": 
"7131e4d3-c168-480d-9496-1463ceaaa97a:03a792fe-87d1-4d81-8a7c-0c9d22b41a1b", + "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:aa75b36e-4cb3-44e0-87a2-facf1b53b686", "type": "index-pattern" }, { "id": "logs-*", - "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:006ef10a-8064-4e48-8ff1-413c550d6204", + "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:e9c2e4d3-e49d-42a9-b968-73c1125c765c", "type": "index-pattern" }, { @@ -2336,7 +2773,12 @@ }, { "id": "logs-*", - "name": "9a3577e8-d452-46cc-b2dd-9424ec80c871:d3e8e716-b6e8-4db6-8948-87e49827aebb", + "name": "9a3577e8-d452-46cc-b2dd-9424ec80c871:aaa9b39a-6a8f-4a6b-b816-574c85664042", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9a3577e8-d452-46cc-b2dd-9424ec80c871:f81b9908-5e3d-4888-9b6a-cd769692eedf", "type": "index-pattern" }, { @@ -2346,7 +2788,12 @@ }, { "id": "logs-*", - "name": "ae814e70-2e8e-43df-b62e-e32d1c26f676:badbb3b4-d90f-44b5-bf22-2e47716a3e09", + "name": "ae814e70-2e8e-43df-b62e-e32d1c26f676:09402439-6a6f-40e2-a771-c8d8b21c2055", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ae814e70-2e8e-43df-b62e-e32d1c26f676:9f8424f3-a5fa-49a0-865c-044c81396a9b", "type": "index-pattern" }, { @@ -2356,7 +2803,12 @@ }, { "id": "logs-*", - "name": "9653b170-7606-461f-9ac4-bf58547f30db:fc66a292-57a3-4510-b6f8-681eeb768e10", + "name": "9653b170-7606-461f-9ac4-bf58547f30db:a91d9706-bd6c-4a0d-ac4a-328fe104f1e2", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9653b170-7606-461f-9ac4-bf58547f30db:218ae079-502d-4aff-b571-9496ae8a1fd8", "type": "index-pattern" }, { @@ -2366,7 +2818,12 @@ }, { "id": "logs-*", - "name": "563a073c-7de0-4095-b0ac-127caed562f2:d7218e2e-18ae-4710-8364-1a4cbfee519c", + "name": "563a073c-7de0-4095-b0ac-127caed562f2:7a551ce1-a513-4b7d-9b05-c6f5759520bd", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "563a073c-7de0-4095-b0ac-127caed562f2:d35fd96c-09e5-4437-927b-3eb00114f6bf", "type": "index-pattern" }, { 
@@ -2376,7 +2833,12 @@ }, { "id": "logs-*", - "name": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:1f3f8544-c39b-4384-985e-d45107d279fb", + "name": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:e62929c8-108c-4049-99bf-dada47a2f0d4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "d5326dec-bbfa-4a0c-b820-f6d915d5a9c5:81a476e1-7947-4c03-af9b-8913988b2f22", "type": "index-pattern" }, { @@ -2386,7 +2848,12 @@ }, { "id": "logs-*", - "name": "41578b87-d820-42df-92d5-69af2643d793:09303186-e13c-4afb-b6f1-bf3eeb7d1423", + "name": "41578b87-d820-42df-92d5-69af2643d793:de154474-03fd-496a-a6a4-c73003a22f17", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "41578b87-d820-42df-92d5-69af2643d793:3dfa2299-bde5-4c7e-ac0d-41f14400e796", "type": "index-pattern" }, { @@ -2396,7 +2863,12 @@ }, { "id": "logs-*", - "name": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b:2074f8e1-7a11-4232-9ac4-09bfe773beb8", + "name": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b:245fc98b-9152-40d9-ba26-2b8de94ecc25", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4f4ecefc-738e-4b86-8013-4b78bcb6d79b:fe7d52e1-c9ef-4b7d-b51d-226eb271ba08", "type": "index-pattern" }, { @@ -2406,7 +2878,12 @@ }, { "id": "logs-*", - "name": "12673c47-9148-47a4-a8ab-07a7f06304c7:349014a7-1097-4c4b-9805-13b39d46d0bd", + "name": "12673c47-9148-47a4-a8ab-07a7f06304c7:ddb3d3fe-dcd6-4570-877c-8deff8952d6e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "12673c47-9148-47a4-a8ab-07a7f06304c7:657d81ad-336b-43c2-ab28-1c55eceaba84", "type": "index-pattern" }, { 
@@ -2428,7 +2905,18 @@ "id": "logs-*", "name": "controlGroup_a1e7b5ed-b636-4db8-87e1-779863061f45:optionsListDataView", "type": "index-pattern" + }, + { + "id": "github-security-solution-default", + "name": "tag-ref-github-security-solution-default", + "type": "tag" + }, + { + "id": "github-security-solution-default", + "name": "tag-ref-security-solution-default", + "type": "tag" } ], - "type": "dashboard" + "type": "dashboard", + "typeMigrationVersion": "8.9.0" } \ No newline at end of file diff --git a/packages/github/kibana/dashboard/github-6a6d7c40-17ab-11ed-809a-7b4be950fe9c.json b/packages/github/kibana/dashboard/github-6a6d7c40-17ab-11ed-809a-7b4be950fe9c.json index ee27defaac5a..0a5416c83b9c 100644 --- a/packages/github/kibana/dashboard/github-6a6d7c40-17ab-11ed-809a-7b4be950fe9c.json +++ b/packages/github/kibana/dashboard/github-6a6d7c40-17ab-11ed-809a-7b4be950fe9c.json 
@@ -3,13 +3,143 @@ "controlGroupInput": { "chainingSystem": "HIERARCHICAL", "controlStyle": "oneLine", - "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", - "panelsJSON": "{\"2b7c10cd-1a6d-4dff-8cf9-848904b101d7\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.owner.login\",\"title\":\"Owner/ Organization\",\"id\":\"2b7c10cd-1a6d-4dff-8cf9-848904b101d7\",\"enhancements\":{},\"selectedOptions\":[]}},\"05d7ed66-221a-437a-9e07-5094ce9d57e0\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.name\",\"title\":\"Repository\",\"id\":\"05d7ed66-221a-437a-9e07-5094ce9d57e0\",\"enhancements\":{}}},\"b1a338bb-89af-425e-91eb-1c8a32641422\":{\"order\":3,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.state\",\"title\":\"State\",\"id\":\"b1a338bb-89af-425e-91eb-1c8a32641422\",\"selectedOptions\":[],\"enhancements\":{}}},\"5c430006-8043-4e34-96dd-34b596dcba61\":{\"order\":4,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.severity\",\"title\":\"Severity\",\"id\":\"5c430006-8043-4e34-96dd-34b596dcba61\",\"enhancements\":{},\"selectedOptions\":[]}},\"81297eab-88c0-477b-8132-39cbb430b6c7\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"event.action\",\"title\":\"Alert Type\",\"id\":\"81297eab-88c0-477b-8132-39cbb430b6c7\",\"selectedOptions\":[],\"enhancements\":{}}}}" + "ignoreParentSettingsJSON": { + "ignoreFilters": false, + "ignoreQuery": false, + "ignoreTimerange": false, + "ignoreValidations": false + }, + "panelsJSON": { + "05d7ed66-221a-437a-9e07-5094ce9d57e0": { + "explicitInput": { + "enhancements": {}, + "fieldName": 
"github.repository.name", + "id": "05d7ed66-221a-437a-9e07-5094ce9d57e0", + "searchTechnique": "prefix", + "title": "Repository" + }, + "grow": true, + "order": 1, + "type": "optionsListControl", + "width": "medium" + }, + "2b7c10cd-1a6d-4dff-8cf9-848904b101d7": { + "explicitInput": { + "enhancements": {}, + "fieldName": "github.repository.owner.login", + "id": "2b7c10cd-1a6d-4dff-8cf9-848904b101d7", + "searchTechnique": "prefix", + "selectedOptions": [], + "title": "Owner/ Organization" + }, + "grow": true, + "order": 0, + "type": "optionsListControl", + "width": "medium" + }, + "7698ce80-6744-4377-bf21-24abb9381703": { + "explicitInput": { + "enhancements": {}, + "fieldName": "github.code_scanning.state", + "grow": true, + "id": "7698ce80-6744-4377-bf21-24abb9381703", + "searchTechnique": "prefix", + "title": "Code Scanning State", + "width": "medium" + }, + "grow": true, + "order": 5, + "type": "optionsListControl", + "width": "medium" + }, + "81297eab-88c0-477b-8132-39cbb430b6c7": { + "explicitInput": { + "enhancements": {}, + "fieldName": "data_stream.dataset", + "id": "81297eab-88c0-477b-8132-39cbb430b6c7", + "searchTechnique": "prefix", + "selectedOptions": [], + "title": "Alert Type" + }, + "grow": true, + "order": 2, + "type": "optionsListControl", + "width": "medium" + }, + "a998c705-29a7-4300-9eb4-f0d43c3594c4": { + "explicitInput": { + "enhancements": {}, + "fieldName": "github.code_scanning.rule.security_severity_level", + "grow": true, + "id": "a998c705-29a7-4300-9eb4-f0d43c3594c4", + "searchTechnique": "prefix", + "title": "Code Scanning Severity", + "width": "medium" + }, + "grow": true, + "order": 3, + "type": "optionsListControl", + "width": "medium" + }, + "bd97336d-ad44-4b44-841d-723123428475": { + "explicitInput": { + "enhancements": {}, + "fieldName": "github.secret_scanning.state", + "grow": true, + "id": "bd97336d-ad44-4b44-841d-723123428475", + "searchTechnique": "prefix", + "title": "Secret Scanning State", + "width": "medium" + }, + 
"grow": true, + "order": 6, + "type": "optionsListControl", + "width": "medium" + }, + "beb209b8-5b39-4812-af88-7bf5763b33cf": { + "explicitInput": { + "enhancements": {}, + "fieldName": "vulnerability.severity", + "grow": true, + "id": "beb209b8-5b39-4812-af88-7bf5763b33cf", + "searchTechnique": "prefix", + "title": "Dependabot Severity", + "width": "medium" + }, + "grow": true, + "order": 4, + "type": "optionsListControl", + "width": "medium" + } + } }, "description": "", "kibanaSavedObjectMeta": { "searchSourceJSON": { - "filter": [], + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github*" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github*" + } + } + } + ], "query": { "language": "kuery", "query": "" 
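Review bot: The dashboard-level filter added under `searchSourceJSON.filter` is a phrase match on `data_stream.dataset` with the value `github*`, which is wider than the three alert datasets the panels filter on (`github.code_scanning`, `github.secret_scanning`, `github.dependabot`). The "Alert Type" control now reads `data_stream.dataset` as well, so it would presumably offer any other `github.*` dataset as an option even though no panel on this page shows it. The filter also only matches if the field's mapping treats the phrase value as a pattern, which cannot be confirmed from this diff. Stating the datasets explicitly in the dashboard query avoids both: `data_stream.dataset : ("github.code_scanning" or "github.secret_scanning" or "github.dependabot")`.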
@@ -24,6 +154,43 @@ "useMargins": true }, "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "fontSize": 12, + "markdown": "**Navigation**\n\n**Github** \n\n- **Audit**\n - [Audit Log Activity](#/dashboard/github-dcee84c0-2059-11ec-8b10-11a4c5e322a0)\n - [User Change Audit](#/dashboard/github-8bfd8310-205c-11ec-8b10-11a4c5e322a0)\n- **Github Advanced Security**\n - [**Advanced Security Overview (This Page)**](#/dashboard/github-6a6d7c40-17ab-11ed-809a-7b4be950fe9c)\n - [Code Scanning](#/dashboard/github-4da91aa0-12fc-11ed-af77-016e1a977d80)\n - [Secret Scanning](#/dashboard/github-591d69e0-17b6-11ed-809a-7b4be950fe9c)\n - [Dependabot](#/dashboard/github-6197be80-220c-11ed-88c4-e3caca48250a)\n- [Issues](#/dashboard/github-f0104680-ae18-11ed-83fa-df5d96a45724)\n\n**Overview**\nThis dashboard provides an overview of the alerts ingested from Github Code Scanning, Secret Scanning, and Dependabot.\n\nThe dashboard provides an overview of code scanning, secret scanning, and dependabot alerts that are open and resolved. It deep-dives into the top 10 repositories where alerts are found. The dashboard presents a view of alerts by severity. The dashboard gives a view alerts by type of GHAS Product.\n\n[**Integrations Page**](/app/integrations/detail/github/overview)", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + } + }, + "gridData": { + "h": 29, + "i": "f7c68c74-9a21-4674-bfd6-414b1e75973e", + "w": 10, + "x": 0, + "y": 0 + }, + "panelIndex": "f7c68c74-9a21-4674-bfd6-414b1e75973e", + "title": "Table of Contents", + "type": "visualization" + }, { "embeddableConfig": { "attributes": { 
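Review bot: The markdown string of the new "Table of Contents" panel writes the product name as "Github" (`**Github**`, `**Github Advanced Security**`, `ingested from Github Code Scanning`), while the panel titles elsewhere in this dashboard use "GitHub Advanced Security"; I would spell it "GitHub" in all three places. The last sentence of the overview also drops a word: `The dashboard gives a view alerts by type of GHAS Product.` should read `The dashboard gives a view of alerts by type of GHAS product.`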
@@ -36,11 +203,12 @@ }, { "id": "logs-*", - "name": "efd3c729-3f58-4e1f-b05f-4178051021ee", + "name": "d5b2b93f-f2fe-4ed3-a043-72ac78aff16d", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { 
@@ -75,54 +243,119 @@ "meta": { "alias": null, "disabled": false, - "index": "efd3c729-3f58-4e1f-b05f-4178051021ee", - "key": "data_stream.dataset", + "index": "d5b2b93f-f2fe-4ed3-a043-72ac78aff16d", "negate": false, "params": [ - "github.code_scanning", - "github.secret_scanning", - "github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } + { + "$state": { + "store": "appState" }, - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "negate": false, + "params": [ + { + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning", + "github.secret_scanning" + ], + "type": "phrases", + "value": [ + "github.code_scanning", + "github.secret_scanning" + ] + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + ] + } + } + }, + { + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "logs-*", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } + } + ], + "relation": "AND", + "type": "combined" + } + }, + { + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "logs-*", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.dependabot" + }, + "type": "phrase" }, - { + "query": { "match_phrase": { "data_stream.dataset": "github.dependabot" } } - ] - } - } + } + ], + "relation": "OR", + "type": "combined" 
+ }, + "query": {} } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" }, "visualization": { - "accessor": "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212", + "color": "#6092C0", "layerId": "3f8b858f-a1ee-4d69-a100-d59282acd94d", "layerType": "data", - "textAlign": "center", - "titlePosition": "top" + "metricAccessor": "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212" } }, "title": "Total Alerts Count [GitHub Advanced Security]", - "visualizationType": "lnsLegacyMetric" + "type": "lens", + "visualizationType": "lnsMetric" }, "enhancements": {} }, @@ -130,12 +363,12 @@ "h": 5, "i": "908a8fcb-8a78-41ae-bb14-c0fba31aa562", "w": 14, - "x": 0, + "x": 10, "y": 0 }, "panelIndex": "908a8fcb-8a78-41ae-bb14-c0fba31aa562", - "type": "lens", - "version": "8.7.1" + "title": "Total Alerts Count [GitHub Advanced Security]", + "type": "lens" }, { "embeddableConfig": { @@ -149,11 +382,12 @@ }, { "id": "logs-*", - "name": "68c402d4-a28c-4161-9f6c-663cd4930df6", + "name": "9dfce16f-386f-41a9-b771-d4db67649dc4", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { 
@@ -174,35 +408,35 @@ { "input": { "language": "kuery", - "query": "github.severity : \"critical\" " + "query": "vulnerability.severity : \"critical\" OR github.code_scanning.rule.security_severity_level: \"critical\" " }, "label": "Critical" }, { "input": { "language": "kuery", - "query": "github.severity : \"high\" " + "query": "vulnerability.severity : \"high\" OR github.code_scanning.rule.security_severity_level: \"high\" " }, "label": "High" }, { "input": { "language": "kuery", - "query": "github.severity : \"medium\" " + "query": "vulnerability.severity : \"medium\" OR vulnerability.severity : \"moderate\" OR github.code_scanning.rule.security_severity_level: \"medium\" " }, - "label": "Medium" + "label": "Medium/Moderate" }, { "input": { "language": "kuery", - "query": "github.severity : \"low\"" + "query": "vulnerability.severity : \"low\" OR github.code_scanning.rule.security_severity_level: \"low\" " }, "label": "Low" }, { "input": { "language": "kuery", - "query": "github.severity : \"undefined\" " + "query": "vulnerability.severity : \"undefined\" OR github.code_scanning.rule.security_severity_level: \"undefined\" OR NOT (vulnerability.severity : * OR github.code_scanning.rule.security_severity_level: *)" }, "label": "Undefined" } 
@@ -236,240 +470,105 @@ "meta": { "alias": null, "disabled": false, - "index": "68c402d4-a28c-4161-9f6c-663cd4930df6", - "key": "data_stream.dataset", + "index": "9dfce16f-386f-41a9-b771-d4db67649dc4", "negate": false, "params": [ - "github.code_scanning", - "github.secret_scanning", - "github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - }, - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } - }, - { - "match_phrase": { - "data_stream.dataset": "github.dependabot" - } - } - ] - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 - }, - "layers": [ - { - "accessors": [ - "aaa67d72-aba4-4af4-a4f5-66e37fffed84" - ], - "layerId": "e125b149-a8ea-47b7-914c-508a7972c074", - "layerType": "data", - "seriesType": "bar_stacked", - "xAccessor": "25824925-c28e-4f16-b354-5e6e25ecea6a", - "yConfig": [ { - "color": "#ca8eae", - "forAccessor": "aaa67d72-aba4-4af4-a4f5-66e37fffed84" - } - ] - } - ], - "legend": { - "isVisible": true, - "position": "right" - }, - "preferredSeriesType": "bar_stacked", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "valueLabels": "hide" - } - }, - "title": "Open Alerts Count by Severity [GitHub Advanced Security]", - "visualizationType": "lnsXY" - }, - "enhancements": {} - }, - "gridData": { - "h": 15, - "i": "84209174-8b73-47ed-9324-45e7713370d0", - "w": 16, - "x": 14, - "y": 0 - }, - "panelIndex": "84209174-8b73-47ed-9324-45e7713370d0", - "type": "lens", - "version": "8.7.1" - }, - { - "embeddableConfig": { - "attributes": { - "description": 
"", - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-e125b149-a8ea-47b7-914c-508a7972c074", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "408457e7-219e-4fb4-9352-7dc82c8d514c", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "e125b149-a8ea-47b7-914c-508a7972c074": { - "columnOrder": [ - "25824925-c28e-4f16-b354-5e6e25ecea6a", - "aaa67d72-aba4-4af4-a4f5-66e37fffed84" - ], - "columns": { - "25824925-c28e-4f16-b354-5e6e25ecea6a": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Severity", - "operationType": "filters", - "params": { - "filters": [ - { - "input": { - "language": "kuery", - "query": "github.severity : \"critical\" " - }, - "label": "Critical" - }, - { - "input": { - "language": "kuery", - "query": "github.severity : \"high\" " - }, - "label": "High" - }, - { - "input": { - "language": "kuery", - "query": "github.severity : \"medium\" " - }, - "label": "Medium" + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "negate": false, + "params": [ + { + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning", + "github.secret_scanning" + ], + "type": "phrases", + "value": [ + "github.code_scanning", + "github.secret_scanning" + ] }, - { - "input": { - "language": "kuery", - "query": "github.severity : \"low\"" + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + ] + } + } + }, + { + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "logs-*", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" }, 
- "label": "Low" + "type": "phrase" }, - { - "input": { - "language": "kuery", - "query": "github.severity : \"undefined\" " - }, - "label": "Undefined" + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } } - ] - }, - "scale": "ordinal" - }, - "aaa67d72-aba4-4af4-a4f5-66e37fffed84": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Alerts Count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" + } + ], + "relation": "AND", + "type": "combined" } }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "408457e7-219e-4fb4-9352-7dc82c8d514c", - "key": "data_stream.dataset", - "negate": false, - "params": [ - "github.code_scanning", - "github.secret_scanning", - "github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } - }, - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } + { + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "logs-*", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.dependabot" + }, + "type": "phrase" }, - { + "query": { "match_phrase": { "data_stream.dataset": "github.dependabot" } } - ] - } - } + } + ], + "relation": "OR", + "type": "combined" + }, + "query": {} } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -501,6 +600,7 @@ } }, "title": "Open Alerts % by Severity [GitHub Advanced Security]", + "type": "lens", "visualizationType": "lnsPie" }, "enhancements": {} 
@@ -508,13 +608,12 @@ "gridData": { "h": 15, "i": "5ef67f15-a8c1-4ce5-a676-3a27f61fa7dd", - "w": 18, - "x": 30, + "w": 11, + "x": 37, "y": 0 }, "panelIndex": "5ef67f15-a8c1-4ce5-a676-3a27f61fa7dd", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { @@ -528,16 +627,17 @@ }, { "id": "logs-*", - "name": "ab223632-68bc-4417-a2d3-0c3cd145a537", + "name": "c94d7d20-5cc1-4129-a357-f2ab9c0cc701", "type": "index-pattern" }, { "id": "logs-*", - "name": "8676bd1a-86f1-4fac-ab02-6c382be33410", + "name": "a78e3ceb-5cbb-47a1-8c40-b1e2486001d4", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { 
@@ -578,38 +678,102 @@ "meta": { "alias": null, "disabled": false, - "index": "ab223632-68bc-4417-a2d3-0c3cd145a537", - "key": "data_stream.dataset", + "index": "c94d7d20-5cc1-4129-a357-f2ab9c0cc701", "negate": false, "params": [ - "github.code_scanning", - "github.secret_scanning", - "github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } + { + "$state": { + "store": "appState" }, - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "negate": false, + "params": [ + { + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning", + "github.secret_scanning" + ], + "type": "phrases", + "value": [ + "github.code_scanning", + "github.secret_scanning" + ] + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + ] + } + } + }, + { + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "logs-*", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } + } + ], + "relation": "AND", + "type": "combined" + } + }, + { + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "logs-*", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.dependabot" + }, + "type": "phrase" }, - { + "query": { "match_phrase": { "data_stream.dataset": "github.dependabot" } } - ] - } - } + } + ], + "relation": "OR", + "type": "combined" 
+ }, + "query": {} }, { "$state": { 
@@ -618,85 +782,91 @@ "meta": { "alias": null, "disabled": false, - "index": "8676bd1a-86f1-4fac-ab02-6c382be33410", - "key": "github.state", + "index": "a78e3ceb-5cbb-47a1-8c40-b1e2486001d4", "negate": false, "params": [ - "open" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { + { + "meta": { + "alias": null, + "disabled": false, + "field": "github.code_scanning.state", + "index": "logs-*", + "key": "github.code_scanning.state", + "negate": false, + "params": { + "query": "open" + }, + "type": "phrase" + }, + "query": { "match_phrase": { - "github.state": "open" + "github.code_scanning.state": "open" } } - ] - } - } + }, + { + "meta": { + "alias": null, + "disabled": false, + "field": "github.secret_scanning.state", + "index": "logs-*", + "key": "github.secret_scanning.state", + "negate": false, + "params": { + "query": "open" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "github.secret_scanning.state": "open" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "github.dependabot.state", + "index": "logs-*", + "key": "github.dependabot.state", + "negate": false, + "params": { + "query": "open" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "github.dependabot.state": "open" + } + } + } + ], + "relation": "OR", + "type": "combined" + }, + "query": {} } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" }, "visualization": { - "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "colorMode": "Labels", + "color": "#E7664C", "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", "layerType": "data", - "palette": { - "name": "custom", - "params": { - "colorStops": [ - { - "color": "#209280", - "stop": 0 - }, - { - "color": "#d6bf57", - "stop": 1 - }, - { - "color": "#cc5642", - "stop": 1000 - } - ], - "continuity": "above", - "maxSteps": 5, - "name": "custom", - "progression": "fixed", - 
"rangeMax": null, - "rangeMin": 0, - "rangeType": "number", - "reverse": false, - "steps": 3, - "stops": [ - { - "color": "#209280", - "stop": 1 - }, - { - "color": "#d6bf57", - "stop": 1000 - }, - { - "color": "#cc5642", - "stop": 1001 - } - ] - }, - "type": "palette" - }, - "textAlign": "center" + "metricAccessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e" } }, "title": "Open Alerts Count [GitHub Advanced Security]", - "visualizationType": "lnsLegacyMetric" + "type": "lens", + "visualizationType": "lnsMetric" }, "enhancements": {} }, @@ -704,12 +874,11 @@ "h": 5, "i": "c5e57455-3945-4457-973f-7b6a1e5579d8", "w": 14, - "x": 0, + "x": 10, "y": 5 }, "panelIndex": "c5e57455-3945-4457-973f-7b6a1e5579d8", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { @@ -723,16 +892,12 @@ }, { "id": "logs-*", - "name": "45e7ae11-a8b3-4f60-a280-de442326d1ec", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "0753d483-b32c-441f-87dc-bb862221e11c", + "name": "fafe3cae-eb89-4b77-a127-df86c5bf5ff5", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -746,7 +911,7 @@ "customLabel": true, "dataType": "number", "isBucketed": false, - "label": "Resolved/Dismissed Alerts", + "label": "Resolved (Fixed or Dismissed) Alerts", "operationType": "formula", "params": { "format": { @@ -767,7 +932,7 @@ "customLabel": true, "dataType": "number", "isBucketed": false, - "label": "Part of Dismissed Alerts", + "label": "Part of Resolved/Dismissed Alerts", "operationType": "count", "params": { "emptyAsNull": false 
@@ -789,39 +954,226 @@ "meta": { "alias": null, "disabled": false, - "index": "45e7ae11-a8b3-4f60-a280-de442326d1ec", - "key": "data_stream.dataset", + "index": "fafe3cae-eb89-4b77-a127-df86c5bf5ff5", "negate": false, "params": [ - "github.code_scanning", - "github.secret_scanning", - "github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } + { + "$state": { + "store": "appState" }, - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "negate": false, + "params": [ + { + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning", + "github.secret_scanning" + ], + "type": "phrases", + "value": [ + "github.code_scanning", + "github.secret_scanning" + ] + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + ] + } + } + }, + { + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "logs-*", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } + } + ], + "relation": "AND", + "type": "combined" + } + }, + { + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "logs-*", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.dependabot" + }, + "type": "phrase" }, - { + "query": { "match_phrase": { "data_stream.dataset": "github.dependabot" } } - ] + } + ], + "relation": "OR", + "type": "combined" + }, + 
"query": {} + } + ], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "NOT (github.code_scanning.state : \"open\" OR github.secret_scanning.state : \"open\" OR github.dependabot.state : \"open\")" + }, + "visualization": { + "color": "#54B399", + "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "layerType": "data", + "metricAccessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e" + } + }, + "title": "Resolved/Dismissed Alerts Count [GitHub Advanced Security]", + "type": "lens", + "visualizationType": "lnsMetric" + }, + "enhancements": {} + }, + "gridData": { + "h": 5, + "i": "c15d5d40-d18a-4960-8b6d-d47da3611f99", + "w": 14, + "x": 10, + "y": 10 + }, + "panelIndex": "c15d5d40-d18a-4960-8b6d-d47da3611f99", + "title": "Resolved (Dismissed) Alerts Count [GitHub Advanced Security]", + "type": "lens" + }, + { + "embeddableConfig": { + "attributes": { + "description": "", + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-e125b149-a8ea-47b7-914c-508a7972c074", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "74662310-3677-4d18-9271-8af6537ed481", + "type": "index-pattern" + } + ], + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "e125b149-a8ea-47b7-914c-508a7972c074": { + "columnOrder": [ + "25824925-c28e-4f16-b354-5e6e25ecea6a", + "aaa67d72-aba4-4af4-a4f5-66e37fffed84" + ], + "columns": { + "25824925-c28e-4f16-b354-5e6e25ecea6a": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Severity", + "operationType": "filters", + "params": { + "filters": [ + { + "input": { + "language": "kuery", + "query": "vulnerability.severity : \"critical\" OR github.code_scanning.rule.security_severity_level: \"critical\" " + }, + "label": "Critical" + }, + { + "input": { + "language": "kuery", + "query": "vulnerability.severity : \"high\" OR github.code_scanning.rule.security_severity_level: \"high\" " + }, + "label": "High" + }, + { + "input": { 
+ "language": "kuery", + "query": "vulnerability.severity : \"medium\" OR vulnerability.severity : \"moderate\" OR github.code_scanning.rule.security_severity_level: \"medium\" " + }, + "label": "Medium/Moderate" + }, + { + "input": { + "language": "kuery", + "query": "vulnerability.severity : \"low\" OR github.code_scanning.rule.security_severity_level: \"low\" " + }, + "label": "Low" + }, + { + "input": { + "language": "kuery", + "query": "vulnerability.severity : \"undefined\" OR github.code_scanning.rule.security_severity_level: \"undefined\" OR NOT (vulnerability.severity : * OR github.code_scanning.rule.security_severity_level: *)" + }, + "label": "Undefined" + } + ] + }, + "scale": "ordinal" + }, + "aaa67d72-aba4-4af4-a4f5-66e37fffed84": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Alerts Count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} } } - }, + } + }, + "filters": [ { "$state": { "store": "appState" 
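Review bot: The query added for the resolved-alerts metric, `NOT (github.code_scanning.state : "open" OR github.secret_scanning.state : "open" OR github.dependabot.state : "open")`, counts every document that passes the dataset filter and has no state field at all as resolved, so the panel can overstate how many alerts were closed. Whether such documents occur in these datasets is not visible here, but requiring a state to be present removes the doubt: prefix the query with `(github.code_scanning.state : * OR github.secret_scanning.state : * OR github.dependabot.state : *) AND`. The same panel is also named two ways in this hunk, `Resolved/Dismissed Alerts Count [GitHub Advanced Security]` in the attributes and `Resolved (Dismissed) Alerts Count [GitHub Advanced Security]` on the panel; one of them should be used for both.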
@@ -829,90 +1181,172 @@ "meta": { "alias": null, "disabled": false, - "index": "0753d483-b32c-441f-87dc-bb862221e11c", - "key": "github.state", + "index": "74662310-3677-4d18-9271-8af6537ed481", "negate": false, "params": [ - "dismissed", - "resolved" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "github.state": "dismissed" - } + { + "$state": { + "store": "appState" }, - { + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "negate": false, + "params": [ + { + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning", + "github.secret_scanning" + ], + "type": "phrases", + "value": [ + "github.code_scanning", + "github.secret_scanning" + ] + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + ] + } + } + }, + { + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "logs-*", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } + } + ], + "relation": "AND", + "type": "combined" + } + }, + { + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "logs-*", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.dependabot" + }, + "type": "phrase" + }, + "query": { "match_phrase": { - "github.state": "resolved" + "data_stream.dataset": "github.dependabot" } } - ] - } - } + } + ], + "relation": "OR", + "type": "combined" + }, + "query": {} } ], + "internalReferences": [], "query": { "language": "kuery", - "query": "" + "query": 
"github.code_scanning.state : \"open\" OR github.secret_scanning.state : \"open\" OR github.dependabot.state : \"open\"" }, "visualization": { - "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "colorMode": "Labels", - "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", - "layerType": "data", - "palette": { - "name": "positive", - "params": { - "continuity": "above", - "maxSteps": 5, - "name": "positive", - "progression": "fixed", - "rangeMax": null, - "rangeMin": 0, - "rangeType": "number", - "reverse": false, - "steps": 3, - "stops": [ - { - "color": "#bbdad3", - "stop": 0 - }, - { - "color": "#77b6a8", - "stop": 8 - }, + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "aaa67d72-aba4-4af4-a4f5-66e37fffed84" + ], + "layerId": "e125b149-a8ea-47b7-914c-508a7972c074", + "layerType": "data", + "seriesType": "bar_stacked", + "xAccessor": "25824925-c28e-4f16-b354-5e6e25ecea6a", + "yConfig": [ { - "color": "#209280", - "stop": 16 + "color": "#ca8eae", + "forAccessor": "aaa67d72-aba4-4af4-a4f5-66e37fffed84" } ] - }, - "type": "palette" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true }, - "textAlign": "center" + "valueLabels": "hide" } }, - "title": "Resolved/Dismissed Alerts Count [GitHub Advanced Security]", - "visualizationType": "lnsLegacyMetric" + "title": "Open Alerts Count by Severity [GitHub Advanced Security]", + "type": "lens", + "visualizationType": "lnsXY" }, "enhancements": {} }, "gridData": { - "h": 5, - "i": "c15d5d40-d18a-4960-8b6d-d47da3611f99", - "w": 14, - "x": 0, - "y": 10 + "h": 15, + "i": "9281cfb0-5178-4fa6-9a6b-941a8c9b23e1", + "w": 13, + "x": 24, 
+ "y": 0 }, - "panelIndex": "c15d5d40-d18a-4960-8b6d-d47da3611f99", - "type": "lens", - "version": "8.7.1" + "panelIndex": "9281cfb0-5178-4fa6-9a6b-941a8c9b23e1", + "title": "Open Alerts Count by Severity [GitHub Advanced Security]", + "type": "lens" }, { "embeddableConfig": { @@ -926,16 +1360,12 @@ }, { "id": "logs-*", - "name": "656c4d05-b350-45a5-aa87-f83fbdbf2f26", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "a3e44335-794f-455e-9e40-c22201daaa1c", + "name": "21113234-f66b-4901-9485-4fcc3ddcc381", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { 
@@ -1034,64 +1464,108 @@ "meta": { "alias": null, "disabled": false, - "index": "656c4d05-b350-45a5-aa87-f83fbdbf2f26", - "key": "data_stream.dataset", + "index": "21113234-f66b-4901-9485-4fcc3ddcc381", "negate": false, "params": [ - "github.code_scanning", - "github.secret_scanning", - "github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } + { + "$state": { + "store": "appState" }, - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "negate": false, + "params": [ + { + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning", + "github.secret_scanning" + ], + "type": "phrases", + "value": [ + "github.code_scanning", + "github.secret_scanning" + ] + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + ] + } + } + }, + { + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "logs-*", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } + } + ], + "relation": "AND", + "type": "combined" + } + }, + { + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "logs-*", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.dependabot" + }, + "type": "phrase" }, - { + "query": { "match_phrase": { "data_stream.dataset": "github.dependabot" } } - ] - } - } - }, - { - "$state": { - "store": "appState" - 
}, - "meta": { - "alias": null, - "disabled": false, - "index": "a3e44335-794f-455e-9e40-c22201daaa1c", - "key": "github.state", - "negate": false, - "params": { - "query": "open" - }, - "type": "phrase" + } + ], + "relation": "OR", + "type": "combined" }, - "query": { - "match_phrase": { - "github.state": "open" - } - } + "query": {} } ], + "internalReferences": [], "query": { "language": "kuery", - "query": "" + "query": "github.code_scanning.state : \"open\" OR github.secret_scanning.state : \"open\" OR github.dependabot.state : \"open\"" }, "visualization": { "axisTitlesVisibilitySettings": { @@ -1143,20 +1617,20 @@ } }, "title": "Open Alerts count by owner and by repository [GitHub Advanced Security]", + "type": "lens", "visualizationType": "lnsXY" }, "enhancements": {} }, "gridData": { - "h": 15, + "h": 14, "i": "5f8d7b7b-c370-4e38-ae2a-80f1495598fe", - "w": 24, - "x": 0, + "w": 21, + "x": 10, "y": 15 }, "panelIndex": "5f8d7b7b-c370-4e38-ae2a-80f1495598fe", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { @@ -1170,16 +1644,12 @@ }, { "id": "logs-*", - "name": "e8ef33ad-82e2-4282-ae42-1ee5b478bde8", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "69dd980b-29ae-4a8c-b2e9-f4566786f5d3", + "name": "1337972b-6237-48b0-af64-836855ad43c5", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { 
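Review bot: The `labels.is_transform_source: "false"` clause in the new combined filter of hunk `@@ -1034,64 +1464,108 @@` only constrains the `github.code_scanning`/`github.secret_scanning` branch; the `github.dependabot` branch of the outer `"relation": "OR"` matches on dataset alone. If that is deliberate (presumably Dependabot data is not fed through the same transform, which cannot be confirmed from this diff), nothing in the panel records it, and the difference changes which documents are counted as open alerts. The outer filter's `alias` is `null`, so I would state the intent there, e.g. `"alias": "code/secret scanning (is_transform_source: false) OR dependabot"`. The same filter is repeated in hunks `@@ -1261,64 +1731,108 @@`, `@@ -1447,64 +1957,108 @@` and `@@ -1640,64 +2190,108 @@`.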
@@ -1261,64 +1731,108 @@ "meta": { "alias": null, "disabled": false, - "index": "e8ef33ad-82e2-4282-ae42-1ee5b478bde8", - "key": "data_stream.dataset", + "index": "1337972b-6237-48b0-af64-836855ad43c5", "negate": false, "params": [ - "github.code_scanning", - "github.secret_scanning", - "github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } + { + "$state": { + "store": "appState" }, - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "negate": false, + "params": [ + { + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning", + "github.secret_scanning" + ], + "type": "phrases", + "value": [ + "github.code_scanning", + "github.secret_scanning" + ] + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + ] + } + } + }, + { + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "logs-*", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } + } + ], + "relation": "AND", + "type": "combined" + } + }, + { + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "logs-*", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.dependabot" + }, + "type": "phrase" }, - { + "query": { "match_phrase": { "data_stream.dataset": "github.dependabot" } } - ] - } - } - }, - { - "$state": { - "store": "appState" - 
}, - "meta": { - "alias": null, - "disabled": false, - "index": "69dd980b-29ae-4a8c-b2e9-f4566786f5d3", - "key": "github.state", - "negate": false, - "params": { - "query": "open" - }, - "type": "phrase" + } + ], + "relation": "OR", + "type": "combined" }, - "query": { - "match_phrase": { - "github.state": "open" - } - } + "query": {} } ], + "internalReferences": [], "query": { "language": "kuery", - "query": "" + "query": "github.code_scanning.state : \"open\" OR github.secret_scanning.state : \"open\" OR github.dependabot.state : \"open\"" }, "visualization": { "layers": [ @@ -1342,20 +1856,20 @@ } }, "title": "Open Alerts % by owner and by repository [GitHub Advanced Security]", + "type": "lens", "visualizationType": "lnsPie" }, "enhancements": {} }, "gridData": { - "h": 15, + "h": 14, "i": "35bcc34c-a0d8-40fd-aa9d-52f0df0ebc5a", - "w": 24, - "x": 24, + "w": 17, + "x": 31, "y": 15 }, "panelIndex": "35bcc34c-a0d8-40fd-aa9d-52f0df0ebc5a", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { @@ -1369,16 +1883,12 @@ }, { "id": "logs-*", - "name": "bbb675c9-c535-483e-9337-69a2a81eb2da", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "288f00c3-3a7a-4b8a-bb49-75818491a337", + "name": "b9135a0b-308a-4024-90e4-3e5f7019802d", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { 
@@ -1447,64 +1957,108 @@ "meta": { "alias": null, "disabled": false, - "index": "bbb675c9-c535-483e-9337-69a2a81eb2da", - "key": "data_stream.dataset", + "index": "b9135a0b-308a-4024-90e4-3e5f7019802d", "negate": false, "params": [ - "github.code_scanning", - "github.secret_scanning", - "github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } + { + "$state": { + "store": "appState" }, - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "negate": false, + "params": [ + { + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning", + "github.secret_scanning" + ], + "type": "phrases", + "value": [ + "github.code_scanning", + "github.secret_scanning" + ] + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + ] + } + } + }, + { + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "logs-*", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } + } + ], + "relation": "AND", + "type": "combined" + } + }, + { + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "logs-*", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.dependabot" + }, + "type": "phrase" }, - { + "query": { "match_phrase": { "data_stream.dataset": "github.dependabot" } } - ] - } - } - }, - { - "$state": { - "store": "appState" - 
}, - "meta": { - "alias": null, - "disabled": false, - "index": "288f00c3-3a7a-4b8a-bb49-75818491a337", - "key": "github.state", - "negate": false, - "params": { - "query": "open" - }, - "type": "phrase" + } + ], + "relation": "OR", + "type": "combined" }, - "query": { - "match_phrase": { - "github.state": "open" - } - } + "query": {} } ], + "internalReferences": [], "query": { "language": "kuery", - "query": "" + "query": "github.code_scanning.state : \"open\" OR github.secret_scanning.state : \"open\" OR github.dependabot.state : \"open\"" }, "visualization": { "layers": [ @@ -1536,6 +2090,7 @@ } }, "title": "Open Alerts by Type [GitHub Advanced Security]", + "type": "lens", "visualizationType": "lnsXY" }, "enhancements": {} @@ -1545,11 +2100,10 @@ "i": "54ab8e3f-ba53-4cf0-8769-745688302f45", "w": 24, "x": 0, - "y": 30 + "y": 29 }, "panelIndex": "54ab8e3f-ba53-4cf0-8769-745688302f45", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { @@ -1563,16 +2117,12 @@ }, { "id": "logs-*", - "name": "34b1f197-92c5-4838-ae73-3ba9e9260015", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "14e0ee55-38aa-4727-a0a5-a9af42b8b0ca", + "name": "a7a7b81c-a6ca-43eb-bf0f-35d2295363ae", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { 
@@ -1640,64 +2190,108 @@ "meta": { "alias": null, "disabled": false, - "index": "34b1f197-92c5-4838-ae73-3ba9e9260015", - "key": "data_stream.dataset", + "index": "a7a7b81c-a6ca-43eb-bf0f-35d2295363ae", "negate": false, "params": [ - "github.code_scanning", - "github.secret_scanning", - "github.dependabot" - ], - "type": "phrases" - }, - "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "data_stream.dataset": "github.code_scanning" - } + { + "$state": { + "store": "appState" }, - { - "match_phrase": { - "data_stream.dataset": "github.secret_scanning" - } + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "negate": false, + "params": [ + { + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "key": "data_stream.dataset", + "negate": false, + "params": [ + "github.code_scanning", + "github.secret_scanning" + ], + "type": "phrases", + "value": [ + "github.code_scanning", + "github.secret_scanning" + ] + }, + "query": { + "bool": { + "minimum_should_match": 1, + "should": [ + { + "match_phrase": { + "data_stream.dataset": "github.code_scanning" + } + }, + { + "match_phrase": { + "data_stream.dataset": "github.secret_scanning" + } + } + ] + } + } + }, + { + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "logs-*", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } + } + ], + "relation": "AND", + "type": "combined" + } + }, + { + "meta": { + "alias": null, + "disabled": false, + "field": "data_stream.dataset", + "index": "logs-*", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.dependabot" + }, + "type": "phrase" }, - { + "query": { "match_phrase": { "data_stream.dataset": "github.dependabot" } } - ] - } - } - }, - { - "$state": { - "store": "appState" - 
}, - "meta": { - "alias": null, - "disabled": false, - "index": "14e0ee55-38aa-4727-a0a5-a9af42b8b0ca", - "key": "github.state", - "negate": false, - "params": { - "query": "open" - }, - "type": "phrase" + } + ], + "relation": "OR", + "type": "combined" }, - "query": { - "match_phrase": { - "github.state": "open" - } - } + "query": {} } ], + "internalReferences": [], "query": { "language": "kuery", - "query": "" + "query": "github.code_scanning.state : \"open\" OR github.secret_scanning.state : \"open\" OR github.dependabot.state : \"open\"" }, "visualization": { "layers": [ @@ -1723,6 +2317,7 @@ } }, "title": "Open Alerts % by Type [GitHub Advanced Security]", + "type": "lens", "visualizationType": "lnsPie" }, "enhancements": {}, 
@@ -1733,42 +2328,34 @@ "i": "96fbd44d-b93e-4605-86ef-d5c3dd36660f", "w": 24, "x": 24, - "y": 30 + "y": 29 }, "panelIndex": "96fbd44d-b93e-4605-86ef-d5c3dd36660f", - "type": "lens", - "version": "8.7.1" + "type": "lens" } ], "timeRestore": false, "title": "[GitHub] Advanced Security Overview", "version": 1 }, - "coreMigrationVersion": "8.7.1", - "created_at": "2023-07-10T01:36:57.825Z", + "coreMigrationVersion": "8.8.0", + "created_at": "2024-10-30T03:14:33.785Z", "id": "github-6a6d7c40-17ab-11ed-809a-7b4be950fe9c", - "migrationVersion": { - "dashboard": "8.7.0" - }, + "managed": false, "references": [ { "id": "logs-*", - "name": "908a8fcb-8a78-41ae-bb14-c0fba31aa562:indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "908a8fcb-8a78-41ae-bb14-c0fba31aa562:efd3c729-3f58-4e1f-b05f-4178051021ee", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern" }, { "id": "logs-*", - "name": "84209174-8b73-47ed-9324-45e7713370d0:indexpattern-datasource-layer-e125b149-a8ea-47b7-914c-508a7972c074", + "name": "908a8fcb-8a78-41ae-bb14-c0fba31aa562:indexpattern-datasource-layer-3f8b858f-a1ee-4d69-a100-d59282acd94d", "type": "index-pattern" }, { "id": "logs-*", - "name": "84209174-8b73-47ed-9324-45e7713370d0:68c402d4-a28c-4161-9f6c-663cd4930df6", + "name": "908a8fcb-8a78-41ae-bb14-c0fba31aa562:d5b2b93f-f2fe-4ed3-a043-72ac78aff16d", "type": "index-pattern" }, { @@ -1778,7 +2365,7 @@ }, { "id": "logs-*", - "name": "5ef67f15-a8c1-4ce5-a676-3a27f61fa7dd:408457e7-219e-4fb4-9352-7dc82c8d514c", + "name": "5ef67f15-a8c1-4ce5-a676-3a27f61fa7dd:9dfce16f-386f-41a9-b771-d4db67649dc4", "type": "index-pattern" }, { 
@@ -1788,12 +2375,12 @@ }, { "id": "logs-*", - "name": "c5e57455-3945-4457-973f-7b6a1e5579d8:ab223632-68bc-4417-a2d3-0c3cd145a537", + "name": "c5e57455-3945-4457-973f-7b6a1e5579d8:c94d7d20-5cc1-4129-a357-f2ab9c0cc701", "type": "index-pattern" }, { "id": "logs-*", - "name": "c5e57455-3945-4457-973f-7b6a1e5579d8:8676bd1a-86f1-4fac-ab02-6c382be33410", + "name": "c5e57455-3945-4457-973f-7b6a1e5579d8:a78e3ceb-5cbb-47a1-8c40-b1e2486001d4", "type": "index-pattern" }, { @@ -1803,27 +2390,27 @@ }, { "id": "logs-*", - "name": "c15d5d40-d18a-4960-8b6d-d47da3611f99:45e7ae11-a8b3-4f60-a280-de442326d1ec", + "name": "c15d5d40-d18a-4960-8b6d-d47da3611f99:fafe3cae-eb89-4b77-a127-df86c5bf5ff5", "type": "index-pattern" }, { "id": "logs-*", - "name": "c15d5d40-d18a-4960-8b6d-d47da3611f99:0753d483-b32c-441f-87dc-bb862221e11c", + "name": "9281cfb0-5178-4fa6-9a6b-941a8c9b23e1:indexpattern-datasource-layer-e125b149-a8ea-47b7-914c-508a7972c074", "type": "index-pattern" }, { "id": "logs-*", - "name": "5f8d7b7b-c370-4e38-ae2a-80f1495598fe:indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", + "name": "9281cfb0-5178-4fa6-9a6b-941a8c9b23e1:74662310-3677-4d18-9271-8af6537ed481", "type": "index-pattern" }, { "id": "logs-*", - "name": "5f8d7b7b-c370-4e38-ae2a-80f1495598fe:656c4d05-b350-45a5-aa87-f83fbdbf2f26", + "name": "5f8d7b7b-c370-4e38-ae2a-80f1495598fe:indexpattern-datasource-layer-2592c6ef-cf07-4080-b4fe-014cc142e3c8", "type": "index-pattern" }, { "id": "logs-*", - "name": "5f8d7b7b-c370-4e38-ae2a-80f1495598fe:a3e44335-794f-455e-9e40-c22201daaa1c", + "name": "5f8d7b7b-c370-4e38-ae2a-80f1495598fe:21113234-f66b-4901-9485-4fcc3ddcc381", "type": "index-pattern" }, { 
@@ -1833,69 +2420,75 @@ }, { "id": "logs-*", - "name": "35bcc34c-a0d8-40fd-aa9d-52f0df0ebc5a:e8ef33ad-82e2-4282-ae42-1ee5b478bde8", + "name": "35bcc34c-a0d8-40fd-aa9d-52f0df0ebc5a:1337972b-6237-48b0-af64-836855ad43c5", "type": "index-pattern" }, { "id": "logs-*", - "name": "35bcc34c-a0d8-40fd-aa9d-52f0df0ebc5a:69dd980b-29ae-4a8c-b2e9-f4566786f5d3", + "name": "54ab8e3f-ba53-4cf0-8769-745688302f45:indexpattern-datasource-layer-a1e90df6-e435-44e9-b298-d77ce349f33b", "type": "index-pattern" }, { "id": "logs-*", - "name": "54ab8e3f-ba53-4cf0-8769-745688302f45:indexpattern-datasource-layer-a1e90df6-e435-44e9-b298-d77ce349f33b", + "name": "54ab8e3f-ba53-4cf0-8769-745688302f45:b9135a0b-308a-4024-90e4-3e5f7019802d", "type": "index-pattern" }, { "id": "logs-*", - "name": "54ab8e3f-ba53-4cf0-8769-745688302f45:bbb675c9-c535-483e-9337-69a2a81eb2da", + "name": "96fbd44d-b93e-4605-86ef-d5c3dd36660f:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", "type": "index-pattern" }, { "id": "logs-*", - "name": "54ab8e3f-ba53-4cf0-8769-745688302f45:288f00c3-3a7a-4b8a-bb49-75818491a337", + "name": "96fbd44d-b93e-4605-86ef-d5c3dd36660f:a7a7b81c-a6ca-43eb-bf0f-35d2295363ae", "type": "index-pattern" }, { "id": "logs-*", - "name": "96fbd44d-b93e-4605-86ef-d5c3dd36660f:indexpattern-datasource-layer-91e1a389-34e8-4332-9dbb-bd883d71dd85", + "name": "controlGroup_05d7ed66-221a-437a-9e07-5094ce9d57e0:optionsListDataView", "type": "index-pattern" }, { "id": "logs-*", - "name": "96fbd44d-b93e-4605-86ef-d5c3dd36660f:34b1f197-92c5-4838-ae73-3ba9e9260015", + "name": "controlGroup_2b7c10cd-1a6d-4dff-8cf9-848904b101d7:optionsListDataView", "type": "index-pattern" }, { "id": "logs-*", - "name": "96fbd44d-b93e-4605-86ef-d5c3dd36660f:14e0ee55-38aa-4727-a0a5-a9af42b8b0ca", + "name": "controlGroup_7698ce80-6744-4377-bf21-24abb9381703:optionsListDataView", "type": "index-pattern" }, { "id": "logs-*", - "name": "controlGroup_2b7c10cd-1a6d-4dff-8cf9-848904b101d7:optionsListDataView", + "name": 
"controlGroup_81297eab-88c0-477b-8132-39cbb430b6c7:optionsListDataView", "type": "index-pattern" }, { "id": "logs-*", - "name": "controlGroup_05d7ed66-221a-437a-9e07-5094ce9d57e0:optionsListDataView", + "name": "controlGroup_a998c705-29a7-4300-9eb4-f0d43c3594c4:optionsListDataView", "type": "index-pattern" }, { "id": "logs-*", - "name": "controlGroup_b1a338bb-89af-425e-91eb-1c8a32641422:optionsListDataView", + "name": "controlGroup_bd97336d-ad44-4b44-841d-723123428475:optionsListDataView", "type": "index-pattern" }, { "id": "logs-*", - "name": "controlGroup_5c430006-8043-4e34-96dd-34b596dcba61:optionsListDataView", + "name": "controlGroup_beb209b8-5b39-4812-af88-7bf5763b33cf:optionsListDataView", "type": "index-pattern" }, { - "id": "logs-*", - "name": "controlGroup_81297eab-88c0-477b-8132-39cbb430b6c7:optionsListDataView", - "type": "index-pattern" + "id": "github-security-solution-default", + "name": "tag-ref-github-security-solution-default", + "type": "tag" + }, + { + "id": "github-security-solution-default", + "name": "tag-ref-security-solution-default", + "type": "tag" } ], - "type": "dashboard" + "type": "dashboard", + "typeMigrationVersion": "8.9.0" } \ No newline at end of file diff --git a/packages/github/kibana/dashboard/github-f0104680-ae18-11ed-83fa-df5d96a45724.json b/packages/github/kibana/dashboard/github-f0104680-ae18-11ed-83fa-df5d96a45724.json index d1a364c50d5c..80375de9e75e 100644 --- a/packages/github/kibana/dashboard/github-f0104680-ae18-11ed-83fa-df5d96a45724.json +++ b/packages/github/kibana/dashboard/github-f0104680-ae18-11ed-83fa-df5d96a45724.json 
@@ -3,8 +3,51 @@ "controlGroupInput": { "chainingSystem": "HIERARCHICAL", "controlStyle": "oneLine", - "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", - "panelsJSON": "{\"93a8183f-ab74-4636-9f63-9e30c35bfa6b\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.owner.login\",\"title\":\"Owner/Organization\",\"id\":\"93a8183f-ab74-4636-9f63-9e30c35bfa6b\",\"enhancements\":{}}},\"965171e3-e02b-49ff-a2f7-6ddfa5159eee\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.repository.name\",\"title\":\"Repository\",\"id\":\"965171e3-e02b-49ff-a2f7-6ddfa5159eee\",\"enhancements\":{}}},\"8fb8d319-c120-4bcb-849d-6d45f3f5406a\":{\"order\":2,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"github.state\",\"title\":\"State\",\"id\":\"8fb8d319-c120-4bcb-849d-6d45f3f5406a\",\"enhancements\":{},\"selectedOptions\":[]}}}" + "ignoreParentSettingsJSON": { + "ignoreFilters": false, + "ignoreQuery": false, + "ignoreTimerange": false, + "ignoreValidations": false + }, + "panelsJSON": { + "8fb8d319-c120-4bcb-849d-6d45f3f5406a": { + "explicitInput": { + "enhancements": {}, + "fieldName": "github.issues.state", + "id": "8fb8d319-c120-4bcb-849d-6d45f3f5406a", + "searchTechnique": "prefix", + "title": "State" + }, + "grow": true, + "order": 2, + "type": "optionsListControl", + "width": "medium" + }, + "93a8183f-ab74-4636-9f63-9e30c35bfa6b": { + "explicitInput": { + "enhancements": {}, + "fieldName": "github.repository.owner.login", + "id": "93a8183f-ab74-4636-9f63-9e30c35bfa6b", + "title": "Owner/Organization" + }, + "grow": true, + "order": 0, + "type": "optionsListControl", + "width": "medium" + }, + "965171e3-e02b-49ff-a2f7-6ddfa5159eee": { + "explicitInput": { + "enhancements": {}, + "fieldName": 
"github.repository.name", + "id": "965171e3-e02b-49ff-a2f7-6ddfa5159eee", + "title": "Repository" + }, + "grow": true, + "order": 1, + "type": "optionsListControl", + "width": "medium" + } + } }, "description": "", "kibanaSavedObjectMeta": { @@ -18,18 +61,50 @@ "alias": "Github Issues", "disabled": false, "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", "negate": false, - "params": { - "query": "github.issues" - }, - "type": "phrase" + "params": [ + { + "meta": { + "alias": null, + "disabled": false, + "index": "logs-*", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "github.issues" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "github.issues" + } + } + }, + { + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "logs-*", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } + } + ], + "relation": "AND", + "type": "combined" }, - "query": { - "match_phrase": { - "data_stream.dataset": "github.issues" - } - } + "query": {} } ], "query": { 
@@ -46,6 +121,43 @@ "useMargins": true }, "panelsJSON": [ + { + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "fontSize": 12, + "markdown": "**Navigation**\n\n**Github** \n\n- **Audit**\n - [Audit Log Activity](#/dashboard/github-dcee84c0-2059-11ec-8b10-11a4c5e322a0)\n - [User Change Audit](#/dashboard/github-8bfd8310-205c-11ec-8b10-11a4c5e322a0)\n- **Github Advanced Security**\n - [Advanced Security Overview](#/dashboard/github-6a6d7c40-17ab-11ed-809a-7b4be950fe9c)\n - [Code Scanning](#/dashboard/github-4da91aa0-12fc-11ed-af77-016e1a977d80)\n - [Secret Scanning](#/dashboard/github-591d69e0-17b6-11ed-809a-7b4be950fe9c)\n - [Dependabot](#/dashboard/github-6197be80-220c-11ed-88c4-e3caca48250a)\n- [**Issues (This Page)**](#/dashboard/github-f0104680-ae18-11ed-83fa-df5d96a45724)\n\n**Overview**\nThis dashboard provides an overview of the issues ingested from Github.\n\nThe dashboard provides details on issues that are open and resolved. It provides a view of the top 10 repositories with issues. It also calculates the mean-time to fix (or close) an issue. The dashboard presents a view of top labels that are assigned to the issues. Finally, it gives a layout of top users creating and fixing the issues.\n\n[**Integrations Page**](/app/integrations/detail/github/overview)", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + } + }, + "gridData": { + "h": 29, + "i": "1115b58c-79fe-4725-9cb1-fca7284c1f17", + "w": 10, + "x": 0, + "y": 0 + }, + "panelIndex": "1115b58c-79fe-4725-9cb1-fca7284c1f17", + "title": "Table of Contents", + "type": "visualization" + }, { "embeddableConfig": { "attributes": { 
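Review bot: The new navigation markdown spells the product "Github" (`**Github**`, `**Github Advanced Security**`, `issues ingested from Github`), while the README hunks of this same commit correct that spelling to "GitHub". For consistency the added `markdown` string should use `**GitHub**`, `**GitHub Advanced Security**` and `ingested from GitHub`. The dashboard links in the same string hard-code saved-object ids, so a short note in the package docs that these ids must stay in sync with the dashboard file names would help whoever renames one.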
@@ -58,11 +170,17 @@ }, { "id": "logs-*", - "name": "5c48f008-d4c0-4386-a853-a83f49efe49f", + "name": "2249b84f-29d6-47a7-aa24-c87c6d45bfa5", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "43eab0b2-e0f5-463e-8c7b-44f4afbb1a72", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -97,13 +215,16 @@ "meta": { "alias": null, "disabled": false, - "index": "5c48f008-d4c0-4386-a853-a83f49efe49f", + "index": "2249b84f-29d6-47a7-aa24-c87c6d45bfa5", "key": "data_stream.dataset", "negate": false, "params": [ "github.issues" ], - "type": "phrases" + "type": "phrases", + "value": [ + "github.issues" + ] }, "query": { "bool": { 
@@ -117,38 +238,59 @@ ] } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "43eab0b2-e0f5-463e-8c7b-44f4afbb1a72", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" }, "visualization": { - "accessor": "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212", + "color": "#6092C0", "layerId": "3f8b858f-a1ee-4d69-a100-d59282acd94d", "layerType": "data", - "textAlign": "center", - "titlePosition": "top" + "metricAccessor": "ccdc8558-1d3f-4c8b-a31e-d59ac78d0212" } }, "title": "Total Alerts Created [GitHub Code Scanning]", "type": "lens", - "visualizationType": "lnsLegacyMetric" + "visualizationType": "lnsMetric" }, "enhancements": {}, "hidePanelTitles": false }, "gridData": { - "h": 5, + "h": 4, "i": "dc15f49d-29b1-4e2e-8787-51ffbab5b4ac", - "w": 14, - "x": 0, + "w": 11, + "x": 10, "y": 0 }, "panelIndex": "dc15f49d-29b1-4e2e-8787-51ffbab5b4ac", "title": "Total Issues Created [GitHub Issues]", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { @@ -162,11 +304,17 @@ }, { "id": "logs-*", - "name": "583b3dcc-776c-48a8-90a8-14a1cdf69d5e", + "name": "5717ec62-4078-4491-a384-c7aac1188613", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5afd4bdd-7354-447e-9325-c28f7fe52341", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -191,7 +339,7 @@ "decimals": 2 } }, - "formula": "count()/count(kql='github.state:closed')", + "formula": "count()/count(kql='NOT github.issues.state:open')", "isFormulaBroken": false }, "references": [ 
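Review bot: The embedded Lens `title` left as context in hunk `@@ -117,38 +238,59 @@` still reads `Total Alerts Created [GitHub Code Scanning]`, although the panel itself is titled `Total Issues Created [GitHub Issues]` and this hunk already edits the same object to move it to `lnsMetric`. I would rename it to `"title": "Total Issues Created [GitHub Issues]"` while the object is being touched. The same leftover appears as `Alerts Found/Fixed Ratio [GitHub Code Scanning]` in hunk `@@ -288,23 +439,45 @@` and `Open Alerts Count [GitHub Code Scanning]` in hunk `@@ -559,69 +769,48 @@`, whereas the column labels in between were renamed to `Part of Issues Created/Closed Ratio`.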
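Review bot: The denominator in the new formula `count()/count(kql='NOT github.issues.state:open')` (hunk `@@ -191,7 +339,7 @@`) counts every document that is not open, including any document with no `github.issues.state` field at all, so it is broader than the `github.state:closed` it replaces. If `open` and `closed` are the only values, the positive form `count()/count(kql='github.issues.state:closed')` states the intent directly and cannot absorb documents that lack the field. The same expression is repeated in the column `filter` of hunk `@@ -216,10 +364,10 @@` and in the `tinymathAst` `text` of hunk `@@ -240,11 +388,11 @@`, where `location.max` would need to change from 49 to 47 to match. The formula column's surrounding definition lies outside these hunks.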
@@ -203,7 +351,7 @@ "customLabel": true, "dataType": "number", "isBucketed": false, - "label": "Part of Alerts Found/Fixed Ratio", + "label": "Part of Issues Created/Closed Ratio", "operationType": "count", "params": { "emptyAsNull": false @@ -216,10 +364,10 @@ "dataType": "number", "filter": { "language": "kuery", - "query": "github.state:closed" + "query": "NOT github.issues.state:open" }, "isBucketed": false, - "label": "Part of Alerts Found/Fixed Ratio", + "label": "Part of Issues Created/Closed Ratio", "operationType": "count", "params": { "emptyAsNull": false @@ -231,7 +379,7 @@ "customLabel": true, "dataType": "number", "isBucketed": false, - "label": "Part of Alerts Found/Fixed Ratio", + "label": "Part of Issues Created/Closed Ratio", "operationType": "math", "params": { "tinymathAst": { @@ -240,11 +388,11 @@ "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5eX1" ], "location": { - "max": 40, + "max": 49, "min": 0 }, "name": "divide", - "text": "count()/count(kql='github.state:closed')", + "text": "count()/count(kql='NOT github.issues.state:open')", "type": "function" } }, @@ -268,13 +416,16 @@ "meta": { "alias": null, "disabled": false, - "index": "583b3dcc-776c-48a8-90a8-14a1cdf69d5e", + "index": "5717ec62-4078-4491-a384-c7aac1188613", "key": "data_stream.dataset", "negate": false, "params": [ "github.issues" ], - "type": "phrases" + "type": "phrases", + "value": [ + "github.issues" + ] }, "query": { "bool": { 
@@ -288,23 +439,45 @@ ] } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "5afd4bdd-7354-447e-9325-c28f7fe52341", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" }, "visualization": { - "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "colorMode": "None", + "color": "#6092C0", "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", "layerType": "data", - "textAlign": "center" + "metricAccessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e" } }, "title": "Alerts Found/Fixed Ratio [GitHub Code Scanning]", "type": "lens", - "visualizationType": "lnsLegacyMetric" + "visualizationType": "lnsMetric" }, "enhancements": {}, "hidePanelTitles": false @@ -312,14 +485,13 @@ "gridData": { "h": 7, "i": "85cbbb74-4d3c-44e0-98f6-be076e31aea3", - "w": 14, - "x": 14, + "w": 11, + "x": 21, "y": 0 }, "panelIndex": "85cbbb74-4d3c-44e0-98f6-be076e31aea3", "title": "Issues Created/Closed Ratio [GitHub Issues]", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { @@ -333,11 +505,17 @@ }, { "id": "logs-*", - "name": "acb267f3-3c77-47f8-bf79-98920679368c", + "name": "f75f6ef6-859b-4da9-ad5a-5abc9e84babe", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6bc155da-3a45-466e-be5f-7bc75225e92e", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -367,7 +545,7 @@ "size": 10 }, "scale": "ordinal", - "sourceField": "github.state" + "sourceField": "github.issues.state" }, "4525c4ae-5f82-4b4d-9867-48e4aba462fd": { "dataType": "number", 
@@ -394,7 +572,7 @@ "meta": { "alias": null, "disabled": false, - "index": "acb267f3-3c77-47f8-bf79-98920679368c", + "index": "f75f6ef6-859b-4da9-ad5a-5abc9e84babe", "key": "data_stream.dataset", "negate": false, "params": { @@ -407,8 +585,31 @@ "data_stream.dataset": "github.issues" } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "6bc155da-3a45-466e-be5f-7bc75225e92e", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -448,16 +649,15 @@ "hidePanelTitles": false }, "gridData": { - "h": 15, + "h": 14, "i": "1b501988-f932-4d80-8625-d2a1c8cd7321", - "w": 20, - "x": 28, + "w": 16, + "x": 32, "y": 0 }, "panelIndex": "1b501988-f932-4d80-8625-d2a1c8cd7321", "title": "Open vs Closed [GitHub Issues]", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { @@ -471,16 +671,22 @@ }, { "id": "logs-*", - "name": "c9577613-d758-45ed-be30-d9d3bfe47f77", + "name": "ae91cb52-95a6-47c1-a724-2a5e2656c16e", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "056dce8e-a9a5-4a60-b379-b3505a8b45eb", "type": "index-pattern" }, { "id": "logs-*", - "name": "c58d5e58-16ac-44f6-9fae-35770b969600", + "name": "86c08808-9939-4279-ac33-87497b01eb7c", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -521,13 +727,16 @@ "meta": { "alias": null, "disabled": false, - "index": "c9577613-d758-45ed-be30-d9d3bfe47f77", + "index": "ae91cb52-95a6-47c1-a724-2a5e2656c16e", "key": "data_stream.dataset", "negate": false, "params": [ "github.issues" ], - "type": "phrases" + "type": "phrases", + "value": [ + "github.issues" + ] }, "query": { "bool": { 
@@ -549,8 +758,9 @@ "meta": { "alias": null, "disabled": false, - "index": "c58d5e58-16ac-44f6-9fae-35770b969600", - "key": "github.state", + "field": "github.issues.state", + "index": "056dce8e-a9a5-4a60-b379-b3505a8b45eb", + "key": "github.issues.state", "negate": false, "params": { "query": "open" @@ -559,69 +769,48 @@ }, "query": { "match_phrase": { - "github.state": "open" + "github.issues.state": "open" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "86c08808-9939-4279-ac33-87497b01eb7c", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" } } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" }, "visualization": { - "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "colorMode": "Labels", + "color": "#E7664C", "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", "layerType": "data", - "palette": { - "name": "custom", - "params": { - "colorStops": [ - { - "color": "#209280", - "stop": 0 - }, - { - "color": "#d6bf57", - "stop": 1 - }, - { - "color": "#cc5642", - "stop": 1000 - } - ], - "continuity": "above", - "maxSteps": 5, - "name": "custom", - "progression": "fixed", - "rangeMax": null, - "rangeMin": 0, - "rangeType": "number", - "reverse": false, - "steps": 3, - "stops": [ - { - "color": "#209280", - "stop": 1 - }, - { - "color": "#d6bf57", - "stop": 1000 - }, - { - "color": "#cc5642", - "stop": 1001 - } - ] - }, - "type": "palette" - }, - "textAlign": "center" + "metricAccessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e" } }, "title": "Open Alerts Count [GitHub Code Scanning]", "type": "lens", - "visualizationType": "lnsLegacyMetric" + "visualizationType": "lnsMetric" }, "enhancements": {}, "hidePanelTitles": false 
@@ -629,14 +818,13 @@ "gridData": { "h": 5, "i": "12c18b92-9f7b-4832-b85f-aad64720ea87", - "w": 14, - "x": 0, - "y": 5 + "w": 11, + "x": 10, + "y": 4 }, "panelIndex": "12c18b92-9f7b-4832-b85f-aad64720ea87", "title": "Open Issues Count [GitHub Issues]", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { @@ -650,16 +838,22 @@ }, { "id": "logs-*", - "name": "cd19d7a9-cf26-43bf-9c56-e5cc7b6bb638", + "name": "2dc468a5-6525-4d7d-a1cf-f26d8458646f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1f3775d0-79c8-4b84-9ef5-72cd64d9a543", "type": "index-pattern" }, { "id": "logs-*", - "name": "f3c66899-a26d-4da8-89b4-8dfe417dc588", + "name": "c6a3b8f3-1e1f-4b7d-a084-f5149c2a0636", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -755,7 +949,7 @@ "meta": { "alias": null, "disabled": false, - "index": "cd19d7a9-cf26-43bf-9c56-e5cc7b6bb638", + "index": "2dc468a5-6525-4d7d-a1cf-f26d8458646f", "key": "data_stream.dataset", "negate": false, "params": { @@ -776,7 +970,7 @@ "meta": { "alias": null, "disabled": false, - "index": "f3c66899-a26d-4da8-89b4-8dfe417dc588", + "index": "1f3775d0-79c8-4b84-9ef5-72cd64d9a543", "key": "github.issues.time_to_close.sec", "negate": false, "type": "exists", 
@@ -787,38 +981,59 @@ "field": "github.issues.time_to_close.sec" } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "c6a3b8f3-1e1f-4b7d-a084-f5149c2a0636", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" }, "visualization": { - "accessor": "e33d2853-5b3d-4be9-9312-2d8da64d9523", - "colorMode": "None", + "color": "#6092C0", "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", "layerType": "data", - "textAlign": "center" + "metricAccessor": "e33d2853-5b3d-4be9-9312-2d8da64d9523" } }, "title": "Mean Time to Resolution [GitHub Code Scanning]", "type": "lens", - "visualizationType": "lnsLegacyMetric" + "visualizationType": "lnsMetric" }, "enhancements": {}, "hidePanelTitles": false }, "gridData": { - "h": 8, + "h": 7, "i": "7131e4d3-c168-480d-9496-1463ceaaa97a", - "w": 14, - "x": 14, + "w": 11, + "x": 21, "y": 7 }, "panelIndex": "7131e4d3-c168-480d-9496-1463ceaaa97a", "title": "Mean Time To Close Issues [GitHub Issues]", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { @@ -829,21 +1044,13 @@ "id": "logs-*", "name": "indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "658f3ec5-1f8c-4cca-a794-7d1fedb00bd0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "5620f741-77e6-4967-a417-ebc51bd0e047", - "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { + "currentIndexPatternId": "logs-*", "layers": { "df5f2c10-bc9b-4a7e-be41-d13240c21d95": { "columnOrder": [ 
@@ -876,7 +1083,7 @@ "customLabel": true, "dataType": "number", "isBucketed": false, - "label": "Part of Resolved/Dismissed Alerts", + "label": "Part of Closed Issues", "operationType": "count", "params": { "emptyAsNull": false @@ -885,7 +1092,8 @@ "sourceField": "___records___" } }, - "incompleteColumns": {} + "incompleteColumns": {}, + "indexPatternId": "logs-*" } } } @@ -898,13 +1106,16 @@ "meta": { "alias": null, "disabled": false, - "index": "658f3ec5-1f8c-4cca-a794-7d1fedb00bd0", + "index": "e93c03d1-8cfa-4cf5-9d3c-4a3af8bc7c4d", "key": "data_stream.dataset", "negate": false, "params": [ "github.issues" ], - "type": "phrases" + "type": "phrases", + "value": [ + "github.issues" + ] }, "query": { "bool": { 
@@ -926,72 +1137,59 @@ "meta": { "alias": null, "disabled": false, - "index": "5620f741-77e6-4967-a417-ebc51bd0e047", - "key": "github.state", + "field": "github.issues.state", + "index": "741f660e-e5f4-48c6-904c-811cd8bb3a2b", + "key": "github.issues.state", + "negate": true, + "params": { + "query": "open" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "github.issues.state": "open" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "270092c7-1512-492b-9ef1-02a443e98ba2", + "key": "labels.is_transform_source", "negate": false, - "params": [ - "closed" - ], - "type": "phrases" + "params": { + "query": "false" + }, + "type": "phrase" }, "query": { - "bool": { - "minimum_should_match": 1, - "should": [ - { - "match_phrase": { - "github.state": "closed" - } - } - ] + "match_phrase": { + "labels.is_transform_source": "false" } } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" }, "visualization": { - "accessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e", - "colorMode": "Labels", + "color": "#54B399", "layerId": "df5f2c10-bc9b-4a7e-be41-d13240c21d95", "layerType": "data", - "palette": { - "name": "positive", - "params": { - "continuity": "above", - "maxSteps": 5, - "name": "positive", - "progression": "fixed", - "rangeMax": null, - "rangeMin": 0, - "rangeType": "number", - "reverse": false, - "steps": 3, - "stops": [ - { - "color": "#bbdad3", - "stop": 0 - }, - { - "color": "#77b6a8", - "stop": 8 - }, - { - "color": "#209280", - "stop": 16 - } - ] - }, - "type": "palette" - }, - "textAlign": "center" + "metricAccessor": "01aff5fe-21ab-474d-9ef6-8b5aa69c5a5e" } }, "title": "Resolved/Dismissed Alerts Count [GitHub Code Scanning]", "type": "lens", - "visualizationType": "lnsLegacyMetric" + "visualizationType": "lnsMetric" }, "enhancements": {}, "hidePanelTitles": false 
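Review bot: The filters of this panel ("Closed Issues Count") use `meta.index` values that have no matching reference entry: `741f660e-e5f4-48c6-904c-811cd8bb3a2b` and `270092c7-1512-492b-9ef1-02a443e98ba2` here, and `e93c03d1-8cfa-4cf5-9d3c-4a3af8bc7c4d` in the `-898,13` hunk. The commit trims both the panel's `references` and the dashboard-level `references` for `c3e8ea64-…` down to the `indexpattern-datasource-layer-…` entry. Every other panel in the visible hunks pairs each filter index with a `logs-*` reference, and only this panel inlines `"currentIndexPatternId": "logs-*"` and `"indexPatternId": "logs-*"` in its state, so it appears to have been exported differently. I would re-export it so the filter indices are extracted like its siblings, i.e. one `{ "id": "logs-*", "name": "741f660e-e5f4-48c6-904c-811cd8bb3a2b", "type": "index-pattern" }` entry per filter. Separately, replacing the explicit `closed` match with `"negate": true` on `open` also counts documents where `github.issues.state` is absent; confirm that is intended.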
@@ -999,14 +1197,13 @@ "gridData": { "h": 5, "i": "c3e8ea64-b6f9-470c-9004-02f8909672eb", - "w": 14, - "x": 0, - "y": 10 + "w": 11, + "x": 10, + "y": 9 }, "panelIndex": "c3e8ea64-b6f9-470c-9004-02f8909672eb", "title": "Closed Issues Count [GitHub Issues]", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { @@ -1020,11 +1217,17 @@ }, { "id": "logs-*", - "name": "d5e367bd-d27a-4e61-9878-93e20c4489bf", + "name": "6bdbbca5-6ff6-4737-b807-cb69ea80f9e7", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "53c48ff4-a8b1-4b7e-8674-c0279a6e8617", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -1082,7 +1285,7 @@ "meta": { "alias": null, "disabled": false, - "index": "d5e367bd-d27a-4e61-9878-93e20c4489bf", + "index": "6bdbbca5-6ff6-4737-b807-cb69ea80f9e7", "key": "data_stream.dataset", "negate": false, "params": { @@ -1095,8 +1298,31 @@ "data_stream.dataset": "github.issues" } } - } - ], + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "53c48ff4-a8b1-4b7e-8674-c0279a6e8617", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } + } + ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -1156,16 +1382,15 @@ "hidePanelTitles": false }, "gridData": { - "h": 11, + "h": 15, "i": "4e77167a-4642-4cbb-8430-2197e2f31666", - "w": 19, - "x": 0, - "y": 15 + "w": 11, + "x": 10, + "y": 14 }, "panelIndex": "4e77167a-4642-4cbb-8430-2197e2f31666", "title": "Top Issues by labels [GitHub Issues]", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { 
@@ -1179,11 +1404,17 @@ }, { "id": "logs-*", - "name": "d1569ab7-96b8-4e3d-b843-ee21f8f657c7", + "name": "1eae3343-5c3e-420d-8da8-5b8521980495", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b6d270fc-062a-4630-8a25-6f147493ece2", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -1239,7 +1470,7 @@ "meta": { "alias": null, "disabled": false, - "index": "d1569ab7-96b8-4e3d-b843-ee21f8f657c7", + "index": "1eae3343-5c3e-420d-8da8-5b8521980495", "key": "data_stream.dataset", "negate": false, "params": { @@ -1252,8 +1483,31 @@ "data_stream.dataset": "github.issues" } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "b6d270fc-062a-4630-8a25-6f147493ece2", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -1290,16 +1544,15 @@ "hidePanelTitles": false }, "gridData": { - "h": 11, + "h": 15, "i": "5135da2a-0093-4b71-a35a-c2b8877d22dd", - "w": 14, - "x": 19, - "y": 15 + "w": 11, + "x": 21, + "y": 14 }, "panelIndex": "5135da2a-0093-4b71-a35a-c2b8877d22dd", "title": "Top Issues % by labels [GitHub Issues]", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { @@ -1313,11 +1566,17 @@ }, { "id": "logs-*", - "name": "2b9bd05e-fb45-43ed-9698-8698c33e3c34", + "name": "199c4e2f-84cc-4d24-ac94-b3446c0a05a2", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b04f6df8-56de-41ab-9633-e3b26856b88f", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { 
@@ -1375,7 +1634,7 @@ "meta": { "alias": null, "disabled": false, - "index": "2b9bd05e-fb45-43ed-9698-8698c33e3c34", + "index": "199c4e2f-84cc-4d24-ac94-b3446c0a05a2", "key": "data_stream.dataset", "negate": false, "params": { @@ -1388,8 +1647,31 @@ "data_stream.dataset": "github.issues" } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "b04f6df8-56de-41ab-9633-e3b26856b88f", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -1415,16 +1697,15 @@ "hidePanelTitles": false }, "gridData": { - "h": 11, + "h": 15, "i": "342298f7-3cf9-4d79-9654-901a769ac7c7", - "w": 15, - "x": 33, - "y": 15 + "w": 16, + "x": 32, + "y": 14 }, "panelIndex": "342298f7-3cf9-4d79-9654-901a769ac7c7", "title": "Issues Count by labels [GitHub Issues]", - "type": "lens", - "version": "8.7.1" + "type": "lens" }, { "embeddableConfig": { 
@@ -1438,21 +1719,44 @@ }, { "id": "logs-*", - "name": "6a68e03e-88f2-4710-b493-4364dd0bd102", + "name": "2855cc31-487e-4aa8-aa2d-cd221deb2867", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5eedc8c5-6bfc-4cc7-a807-38185c7d73ae", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3c006c9f-a83c-41fb-b83d-ed0a56320a23", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { "631035e6-8678-47ee-9a8c-c6a87f6c1757": { "columnOrder": [ - "6adc9b2a-664a-4740-8d59-d6677dd36e24", + "eb192673-a397-4681-b973-121148e23546", "e1d8072b-7268-444a-864e-ef1117b17b65" ], "columns": { - "6adc9b2a-664a-4740-8d59-d6677dd36e24": { + "e1d8072b-7268-444a-864e-ef1117b17b65": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Issues count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "eb192673-a397-4681-b973-121148e23546": { "customLabel": true, "dataType": "string", "isBucketed": true, @@ -1472,19 +1776,7 @@ "size": 10 }, "scale": "ordinal", - "sourceField": "github.issues.user.login" - }, - "e1d8072b-7268-444a-864e-ef1117b17b65": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Issues count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" + "sourceField": "github.issues.closed_by.login" } }, "incompleteColumns": {} @@ -1500,7 +1792,7 @@ "meta": { "alias": null, "disabled": false, - "index": "6a68e03e-88f2-4710-b493-4364dd0bd102", + "index": "2855cc31-487e-4aa8-aa2d-cd221deb2867", "key": "data_stream.dataset", "negate": false, "params": { 
@@ -1513,8 +1805,50 @@ "data_stream.dataset": "github.issues" } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "5eedc8c5-6bfc-4cc7-a807-38185c7d73ae", + "key": "github.issues.closed_at", + "negate": false, + "type": "exists", + "value": "exists" + }, + "query": { + "exists": { + "field": "github.issues.closed_at" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "3c006c9f-a83c-41fb-b83d-ed0a56320a23", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -1544,7 +1878,7 @@ "layerId": "631035e6-8678-47ee-9a8c-c6a87f6c1757", "layerType": "data", "seriesType": "bar_horizontal", - "xAccessor": "6adc9b2a-664a-4740-8d59-d6677dd36e24", + "xAccessor": "eb192673-a397-4681-b973-121148e23546", "yConfig": [ { "color": "#6dc9cd", @@ -1575,15 +1909,14 @@ }, "gridData": { "h": 11, - "i": "ca116a6a-6146-40d8-b9d3-83c775d22456", - "w": 17, - "x": 0, - "y": 26 + "i": "0cc3c355-192b-4fc8-be0e-0a899c6ffcff", + "w": 14, + "x": 34, + "y": 29 }, - "panelIndex": "ca116a6a-6146-40d8-b9d3-83c775d22456", - "title": "Top Users Creating Issues [GitHub Issues]", - "type": "lens", - "version": "8.7.1" + "panelIndex": "0cc3c355-192b-4fc8-be0e-0a899c6ffcff", + "title": "Top users closing the issues [GitHub Issues]", + "type": "lens" }, { "embeddableConfig": { 
@@ -1597,33 +1930,27 @@ }, { "id": "logs-*", - "name": "ecc24cb3-c482-43c4-a46d-3932fa8da9a7", + "name": "571230b6-3a65-49db-a726-372d30b9e6de", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "82a0cc72-9aa5-4c9b-81fc-d6756d3bea0c", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { "631035e6-8678-47ee-9a8c-c6a87f6c1757": { "columnOrder": [ - "f913a108-01c0-4764-9743-61a69b3ded42", + "6adc9b2a-664a-4740-8d59-d6677dd36e24", "e1d8072b-7268-444a-864e-ef1117b17b65" ], "columns": { - "e1d8072b-7268-444a-864e-ef1117b17b65": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Issues count", - "operationType": "count", - "params": { - "emptyAsNull": true - }, - "scale": "ratio", - "sourceField": "___records___" - }, - "f913a108-01c0-4764-9743-61a69b3ded42": { + "6adc9b2a-664a-4740-8d59-d6677dd36e24": { "customLabel": true, "dataType": "string", "isBucketed": true, @@ -1643,7 +1970,19 @@ "size": 10 }, "scale": "ordinal", - "sourceField": "github.issues.assignees.login" + "sourceField": "github.issues.user.login" + }, + "e1d8072b-7268-444a-864e-ef1117b17b65": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Issues count", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" } }, "incompleteColumns": {} @@ -1659,7 +1998,7 @@ "meta": { "alias": null, "disabled": false, - "index": "ecc24cb3-c482-43c4-a46d-3932fa8da9a7", + "index": "571230b6-3a65-49db-a726-372d30b9e6de", "key": "data_stream.dataset", "negate": false, "params": { 
@@ -1672,8 +2011,31 @@ "data_stream.dataset": "github.issues" } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "82a0cc72-9aa5-4c9b-81fc-d6756d3bea0c", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -1703,7 +2065,7 @@ "layerId": "631035e6-8678-47ee-9a8c-c6a87f6c1757", "layerType": "data", "seriesType": "bar_horizontal", - "xAccessor": "f913a108-01c0-4764-9743-61a69b3ded42", + "xAccessor": "6adc9b2a-664a-4740-8d59-d6677dd36e24", "yConfig": [ { "color": "#6dc9cd", @@ -1734,15 +2096,14 @@ }, "gridData": { "h": 11, - "i": "4f987036-b757-47ce-967c-c417b7c95f3a", + "i": "ca116a6a-6146-40d8-b9d3-83c775d22456", "w": 17, - "x": 17, - "y": 26 + "x": 0, + "y": 29 }, - "panelIndex": "4f987036-b757-47ce-967c-c417b7c95f3a", - "title": "Top users with assigned issues [GitHub Issues]", - "type": "lens", - "version": "8.7.1" + "panelIndex": "ca116a6a-6146-40d8-b9d3-83c775d22456", + "title": "Top Users Creating Issues [GitHub Issues]", + "type": "lens" }, { "embeddableConfig": { @@ -1756,22 +2117,23 @@ }, { "id": "logs-*", - "name": "11d97294-f73e-42d5-9dbb-ae041743ba96", + "name": "7e29695b-b813-4541-afc6-c946f5cbeee4", "type": "index-pattern" }, { "id": "logs-*", - "name": "22540369-91b3-442d-be46-f9813f4fd273", + "name": "ae179b13-4452-4e11-916c-45953b19e730", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { "631035e6-8678-47ee-9a8c-c6a87f6c1757": { "columnOrder": [ - "eb192673-a397-4681-b973-121148e23546", + "f913a108-01c0-4764-9743-61a69b3ded42", "e1d8072b-7268-444a-864e-ef1117b17b65" ], "columns": { 
@@ -1787,7 +2149,7 @@ "scale": "ratio", "sourceField": "___records___" }, - "eb192673-a397-4681-b973-121148e23546": { + "f913a108-01c0-4764-9743-61a69b3ded42": { "customLabel": true, "dataType": "string", "isBucketed": true, @@ -1807,7 +2169,7 @@ "size": 10 }, "scale": "ordinal", - "sourceField": "github.issues.closed_by.login" + "sourceField": "github.issues.assignees.login" } }, "incompleteColumns": {} @@ -1823,7 +2185,7 @@ "meta": { "alias": null, "disabled": false, - "index": "11d97294-f73e-42d5-9dbb-ae041743ba96", + "index": "7e29695b-b813-4541-afc6-c946f5cbeee4", "key": "data_stream.dataset", "negate": false, "params": { @@ -1844,19 +2206,23 @@ "meta": { "alias": null, "disabled": false, - "index": "22540369-91b3-442d-be46-f9813f4fd273", - "key": "github.issues.closed_at", + "field": "labels.is_transform_source", + "index": "ae179b13-4452-4e11-916c-45953b19e730", + "key": "labels.is_transform_source", "negate": false, - "type": "exists", - "value": "exists" + "params": { + "query": "false" + }, + "type": "phrase" }, "query": { - "exists": { - "field": "github.issues.closed_at" + "match_phrase": { + "labels.is_transform_source": "false" } } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" @@ -1886,7 +2252,7 @@ "layerId": "631035e6-8678-47ee-9a8c-c6a87f6c1757", "layerType": "data", "seriesType": "bar_horizontal", - "xAccessor": "eb192673-a397-4681-b973-121148e23546", + "xAccessor": "f913a108-01c0-4764-9743-61a69b3ded42", "yConfig": [ { "color": "#6dc9cd", 
@@ -1917,15 +2283,14 @@ }, "gridData": { "h": 11, - "i": "0cc3c355-192b-4fc8-be0e-0a899c6ffcff", - "w": 14, - "x": 34, - "y": 26 + "i": "4f987036-b757-47ce-967c-c417b7c95f3a", + "w": 17, + "x": 17, + "y": 29 }, - "panelIndex": "0cc3c355-192b-4fc8-be0e-0a899c6ffcff", - "title": "Top users closing the issues [GitHub Issues]", - "type": "lens", - "version": "8.7.1" + "panelIndex": "4f987036-b757-47ce-967c-c417b7c95f3a", + "title": "Top users with assigned issues [GitHub Issues]", + "type": "lens" }, { "embeddableConfig": { @@ -1939,11 +2304,17 @@ }, { "id": "logs-*", - "name": "2f34a072-a5f1-4b91-afdc-77fa1ddf168a", + "name": "97720c2d-2912-4fb7-92ca-c9f3c67494b4", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "a599ad3b-c743-4c96-a2c7-412241c428cd", "type": "index-pattern" } ], "state": { + "adHocDataViews": {}, "datasourceStates": { "formBased": { "layers": { @@ -1991,7 +2362,7 @@ "meta": { "alias": null, "disabled": false, - "index": "2f34a072-a5f1-4b91-afdc-77fa1ddf168a", + "index": "97720c2d-2912-4fb7-92ca-c9f3c67494b4", "key": "data_stream.dataset", "negate": false, "params": { @@ -2004,8 +2375,31 @@ "data_stream.dataset": "github.issues" } } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "field": "labels.is_transform_source", + "index": "a599ad3b-c743-4c96-a2c7-412241c428cd", + "key": "labels.is_transform_source", + "negate": false, + "params": { + "query": "false" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "labels.is_transform_source": "false" + } + } } ], + "internalReferences": [], "query": { "language": "kuery", "query": "" 
@@ -2065,24 +2459,21 @@ "i": "234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32", "w": 48, "x": 0, - "y": 37 + "y": 40 }, "panelIndex": "234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32", "title": "Events Timeline [GitHub Issues]", - "type": "lens", - "version": "8.7.1" + "type": "lens" } ], "timeRestore": false, "title": "[GitHub] Issues", "version": 1 }, - "coreMigrationVersion": "8.7.1", - "created_at": "2023-07-10T01:37:27.152Z", + "coreMigrationVersion": "8.8.0", + "created_at": "2024-10-28T12:13:56.773Z", "id": "github-f0104680-ae18-11ed-83fa-df5d96a45724", - "migrationVersion": { - "dashboard": "8.7.0" - }, + "managed": false, "references": [ { "id": "logs-*", @@ -2096,7 +2487,12 @@ }, { "id": "logs-*", - "name": "dc15f49d-29b1-4e2e-8787-51ffbab5b4ac:5c48f008-d4c0-4386-a853-a83f49efe49f", + "name": "dc15f49d-29b1-4e2e-8787-51ffbab5b4ac:2249b84f-29d6-47a7-aa24-c87c6d45bfa5", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "dc15f49d-29b1-4e2e-8787-51ffbab5b4ac:43eab0b2-e0f5-463e-8c7b-44f4afbb1a72", "type": "index-pattern" }, { @@ -2106,7 +2502,12 @@ }, { "id": "logs-*", - "name": "85cbbb74-4d3c-44e0-98f6-be076e31aea3:583b3dcc-776c-48a8-90a8-14a1cdf69d5e", + "name": "85cbbb74-4d3c-44e0-98f6-be076e31aea3:5717ec62-4078-4491-a384-c7aac1188613", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "85cbbb74-4d3c-44e0-98f6-be076e31aea3:5afd4bdd-7354-447e-9325-c28f7fe52341", "type": "index-pattern" }, { @@ -2116,7 +2517,12 @@ }, { "id": "logs-*", - "name": "1b501988-f932-4d80-8625-d2a1c8cd7321:acb267f3-3c77-47f8-bf79-98920679368c", + "name": "1b501988-f932-4d80-8625-d2a1c8cd7321:f75f6ef6-859b-4da9-ad5a-5abc9e84babe", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "1b501988-f932-4d80-8625-d2a1c8cd7321:6bc155da-3a45-466e-be5f-7bc75225e92e", "type": "index-pattern" }, { 
@@ -2126,42 +2532,42 @@ }, { "id": "logs-*", - "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:c9577613-d758-45ed-be30-d9d3bfe47f77", + "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:ae91cb52-95a6-47c1-a724-2a5e2656c16e", "type": "index-pattern" }, { "id": "logs-*", - "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:c58d5e58-16ac-44f6-9fae-35770b969600", + "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:056dce8e-a9a5-4a60-b379-b3505a8b45eb", "type": "index-pattern" }, { "id": "logs-*", - "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "name": "12c18b92-9f7b-4832-b85f-aad64720ea87:86c08808-9939-4279-ac33-87497b01eb7c", "type": "index-pattern" }, { "id": "logs-*", - "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:cd19d7a9-cf26-43bf-9c56-e5cc7b6bb638", + "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", "type": "index-pattern" }, { "id": "logs-*", - "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:f3c66899-a26d-4da8-89b4-8dfe417dc588", + "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:2dc468a5-6525-4d7d-a1cf-f26d8458646f", "type": "index-pattern" }, { "id": "logs-*", - "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", + "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:1f3775d0-79c8-4b84-9ef5-72cd64d9a543", "type": "index-pattern" }, { "id": "logs-*", - "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:658f3ec5-1f8c-4cca-a794-7d1fedb00bd0", + "name": "7131e4d3-c168-480d-9496-1463ceaaa97a:c6a3b8f3-1e1f-4b7d-a084-f5149c2a0636", "type": "index-pattern" }, { "id": "logs-*", - "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:5620f741-77e6-4967-a417-ebc51bd0e047", + "name": "c3e8ea64-b6f9-470c-9004-02f8909672eb:indexpattern-datasource-layer-df5f2c10-bc9b-4a7e-be41-d13240c21d95", "type": "index-pattern" }, { 
@@ -2171,7 +2577,12 @@ }, { "id": "logs-*", - "name": "4e77167a-4642-4cbb-8430-2197e2f31666:d5e367bd-d27a-4e61-9878-93e20c4489bf", + "name": "4e77167a-4642-4cbb-8430-2197e2f31666:6bdbbca5-6ff6-4737-b807-cb69ea80f9e7", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4e77167a-4642-4cbb-8430-2197e2f31666:53c48ff4-a8b1-4b7e-8674-c0279a6e8617", "type": "index-pattern" }, { @@ -2181,7 +2592,12 @@ }, { "id": "logs-*", - "name": "5135da2a-0093-4b71-a35a-c2b8877d22dd:d1569ab7-96b8-4e3d-b843-ee21f8f657c7", + "name": "5135da2a-0093-4b71-a35a-c2b8877d22dd:1eae3343-5c3e-420d-8da8-5b8521980495", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "5135da2a-0093-4b71-a35a-c2b8877d22dd:b6d270fc-062a-4630-8a25-6f147493ece2", "type": "index-pattern" }, { @@ -2191,7 +2607,32 @@ }, { "id": "logs-*", - "name": "342298f7-3cf9-4d79-9654-901a769ac7c7:2b9bd05e-fb45-43ed-9698-8698c33e3c34", + "name": "342298f7-3cf9-4d79-9654-901a769ac7c7:199c4e2f-84cc-4d24-ac94-b3446c0a05a2", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "342298f7-3cf9-4d79-9654-901a769ac7c7:b04f6df8-56de-41ab-9633-e3b26856b88f", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0cc3c355-192b-4fc8-be0e-0a899c6ffcff:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0cc3c355-192b-4fc8-be0e-0a899c6ffcff:2855cc31-487e-4aa8-aa2d-cd221deb2867", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0cc3c355-192b-4fc8-be0e-0a899c6ffcff:5eedc8c5-6bfc-4cc7-a807-38185c7d73ae", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "0cc3c355-192b-4fc8-be0e-0a899c6ffcff:3c006c9f-a83c-41fb-b83d-ed0a56320a23", "type": "index-pattern" }, { 
@@ -2201,7 +2642,12 @@ }, { "id": "logs-*", - "name": "ca116a6a-6146-40d8-b9d3-83c775d22456:6a68e03e-88f2-4710-b493-4364dd0bd102", + "name": "ca116a6a-6146-40d8-b9d3-83c775d22456:571230b6-3a65-49db-a726-372d30b9e6de", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ca116a6a-6146-40d8-b9d3-83c775d22456:82a0cc72-9aa5-4c9b-81fc-d6756d3bea0c", "type": "index-pattern" }, { @@ -2211,32 +2657,32 @@ }, { "id": "logs-*", - "name": "4f987036-b757-47ce-967c-c417b7c95f3a:ecc24cb3-c482-43c4-a46d-3932fa8da9a7", + "name": "4f987036-b757-47ce-967c-c417b7c95f3a:7e29695b-b813-4541-afc6-c946f5cbeee4", "type": "index-pattern" }, { "id": "logs-*", - "name": "0cc3c355-192b-4fc8-be0e-0a899c6ffcff:indexpattern-datasource-layer-631035e6-8678-47ee-9a8c-c6a87f6c1757", + "name": "4f987036-b757-47ce-967c-c417b7c95f3a:ae179b13-4452-4e11-916c-45953b19e730", "type": "index-pattern" }, { "id": "logs-*", - "name": "0cc3c355-192b-4fc8-be0e-0a899c6ffcff:11d97294-f73e-42d5-9dbb-ae041743ba96", + "name": "234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32:indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845", "type": "index-pattern" }, { "id": "logs-*", - "name": "0cc3c355-192b-4fc8-be0e-0a899c6ffcff:22540369-91b3-442d-be46-f9813f4fd273", + "name": "234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32:97720c2d-2912-4fb7-92ca-c9f3c67494b4", "type": "index-pattern" }, { "id": "logs-*", - "name": "234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32:indexpattern-datasource-layer-ebd4f001-671a-4772-a2c4-b07f94e34845", + "name": "234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32:a599ad3b-c743-4c96-a2c7-412241c428cd", "type": "index-pattern" }, { "id": "logs-*", - "name": "234754b7-9ffa-44b0-b7f7-7ed6ec6a6d32:2f34a072-a5f1-4b91-afdc-77fa1ddf168a", + "name": "controlGroup_8fb8d319-c120-4bcb-849d-6d45f3f5406a:optionsListDataView", "type": "index-pattern" }, { 
@@ -2250,10 +2696,16 @@ "type": "index-pattern" }, { - "id": "logs-*", - "name": "controlGroup_8fb8d319-c120-4bcb-849d-6d45f3f5406a:optionsListDataView", - "type": "index-pattern" + "id": "github-security-solution-default", + "name": "tag-ref-github-security-solution-default", + "type": "tag" + }, + { + "id": "github-security-solution-default", + "name": "tag-ref-security-solution-default", + "type": "tag" } ], - "type": "dashboard" + "type": "dashboard", + "typeMigrationVersion": "8.9.0" } \ No newline at end of file diff --git a/packages/github/kibana/tag/github-security-solution-default.json b/packages/github/kibana/tag/github-security-solution-default.json new file mode 100644 index 000000000000..bcec4f1c35c0 --- /dev/null +++ b/packages/github/kibana/tag/github-security-solution-default.json @@ -0,0 +1,14 @@ +{ + "attributes": { + "color": "#AAA8A5", + "description": "Tag defined in package-spec", + "name": "Security Solution" + }, + "coreMigrationVersion": "8.8.0", + "created_at": "2024-10-30T03:06:40.566Z", + "id": "github-security-solution-default", + "managed": false, + "references": [], + "type": "tag", + "typeMigrationVersion": "8.0.0" +} \ No newline at end of file diff --git a/packages/github/manifest.yml b/packages/github/manifest.yml index b167ffa08ba3..d9222081b068 100644 --- a/packages/github/manifest.yml +++ b/packages/github/manifest.yml @@ -1,6 +1,6 @@ name: github title: GitHub -version: "1.29.3" +version: "2.0.0" description: Collect logs from GitHub with Elastic Agent. type: integration format_version: "3.0.2"