[Auditbeat] System module 6.6 - Githubissues

elastic / beats

:tropical_fish: Beats - Lightweight shippers for Elasticsearch & Logstash

https://www.elastic.co/products/beats

Other

12.11k stars 4.91k forks source link

[Auditbeat] System module 6.6 #8725

Closed cwurm closed 5 years ago

cwurm commented 5 years ago

This is the meta issue for the release of the first version of the Auditbeat system module.

Further tasks are tracked in the backlog issue.

General

[x] Implement host.id for darwin (done: https://github.com/elastic/go-sysinfo/pull/31)
[x] Populate message (done: https://github.com/elastic/beats/pull/9483)
[x] Add new fields to fields.ecs.yml (https://github.com/elastic/beats/issues/9318)
[x] Templates combining fields from both auditbeat and x-pack/auditbeat (done: https://github.com/elastic/beats/pull/9362)
[x] Merge feature branch feature-auditbeat-host (done: https://github.com/elastic/beats/pull/9546)
[x] Rename "metricset" to "dataset" everywhere (config done: https://github.com/elastic/beats/pull/10018, docs done: https://github.com/elastic/beats/pull/10101)

1. Host

[x] Initial implementation (done: https://github.com/elastic/beats/pull/8436)
[x] Implement change detection (done: https://github.com/elastic/beats/pull/9421)
[x] State reporting (done: https://github.com/elastic/beats/pull/9421)
[x] Documentation (done: https://github.com/elastic/beats/pull/9512)

2. Process

[x] Initial implementation (done: https://github.com/elastic/beats/pull/8436)
[x] Rename to process, implement scheduled state reporting, and change to single documents (merged: https://github.com/elastic/beats/pull/9139)
[x] Documentation (done: https://github.com/elastic/beats/pull/9512)
[x] Resilient data collection (done: https://github.com/elastic/beats/pull/9693)
[x] Fix on Windows (https://github.com/elastic/beats/issues/9748) (done: https://github.com/elastic/beats/pull/9863)

3. Socket

[x] Implement metricset incl. state reporting (done: https://github.com/elastic/beats/pull/8834)
[x] Documentation (done: https://github.com/elastic/beats/pull/9512)

4. User

[x] Implement metricset incl. state reporting (done: https://github.com/elastic/beats/pull/8835)
[x] Make reading /etc/shadow opt-in, and do multiple rounds of SHA-512 hashing (done: https://github.com/elastic/beats/pull/9461)
[x] Documentation (done: https://github.com/elastic/beats/pull/9512)
[x] Fix collection of group data (https://github.com/elastic/beats/issues/9679) (done: https://github.com/elastic/beats/pull/9732)

Main PRs (no longer maintained)

https://github.com/elastic/beats/pull/8356 (MERGED - Rename sysinfo module to system) https://github.com/elastic/beats/pull/8436 (MERGED - Add host, packages, and processes metricsets) https://github.com/elastic/beats/pull/8835 (MERGED - Add user metricset) https://github.com/elastic/beats/pull/8834 (MERGED - Socket metricset) https://github.com/elastic/beats/pull/9139 (MERGED - Update process metricset) https://github.com/elastic/beats/pull/9362 (MERGED - Add CI testing) https://github.com/elastic/beats/pull/9421 (MERGED - Update host metricset) https://github.com/elastic/beats/pull/9461 (MERGED - Opt-in to detecting password changes) https://github.com/elastic/beats/pull/9483 (MERGED - Add message field) https://github.com/elastic/beats/pull/9512 (MERGED - System module documentation) https://github.com/elastic/beats/pull/9546 (MERGED - Add system module)

tsg commented 5 years ago

Pinging @elastic/secops (mostly testing).

cwurm commented 5 years ago

fyi, I made a bunch of updates above to reflect the current state

cwurm commented 5 years ago

updated and added a backlog

cwurm commented 5 years ago

Updated to include only what will be in 6.6. Added new issue for 6.7 / 7.0.

cwurm commented 5 years ago

The System module was released with four datasets in 6.6. Closing.

Next releases 6.7 and 7.0 are tracked in https://github.com/elastic/beats/issues/10103.

Backlog in https://github.com/elastic/beats/issues/9344.