elastic / integrations

Elastic Integrations
https://www.elastic.co/integrations

[panw] Parse URL for threat-file message types #11730

Closed mjwolf closed 1 week ago

mjwolf commented 2 weeks ago

Proposed commit message

It's been observed that with threat-file events, the URL may be placed in a "FUTURE_USE" field. This adds support for parsing this field to URL, if it appears this is a URL in the file sub_type.

There isn't any PAN-OS documentation on this usage, so this change is based on actual observed events.

Checklist
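The conditional parsing described in the commit message above, sketched as an added example; it is not the integration's own ingest pipeline and was not posted in this PR. The `future_use` key, the event dictionary layout and the "looks like a URL" heuristic are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical key for the overloaded "FUTURE_USE" column; the real pipeline's
# field names are not shown on this page.
OVERLOADED_FIELD = "future_use"
ALLOWED_SCHEMES = {"http", "https", "ftp"}


def parse_candidate_url(value):
    """Return ECS-style url.* fields if value looks like a URL, else None."""
    value = str(value or "").strip().strip('"')
    if not value or any(c.isspace() for c in value):
        return None
    has_scheme = "://" in value
    # Assumption: scheme-less values such as host/path may be logged; require
    # a "/" so a bare file name like "setup.exe" is not mistaken for a host.
    if not has_scheme and "/" not in value:
        return None
    try:
        parts = urlsplit(value if has_scheme else "//" + value)
        host, port = parts.hostname, parts.port
    except ValueError:  # malformed port or IPv6 literal
        return None
    if has_scheme and parts.scheme not in ALLOWED_SCHEMES:
        return None
    # Require a dotted name or an IPv6 literal so placeholders are rejected.
    if not host or ("." not in host and ":" not in host):
        return None
    fields = {"url.original": value, "url.domain": host}
    optional = {"url.scheme": parts.scheme, "url.port": port,
                "url.path": parts.path, "url.query": parts.query}
    fields.update({k: v for k, v in optional.items() if v})
    return fields


def enrich(event):
    """Add url.* fields only to THREAT events whose sub_type is file."""
    if event.get("type") != "THREAT" or event.get("sub_type") != "file":
        return event
    parsed = parse_candidate_url(event.get(OVERLOADED_FIELD))
    return {**event, **parsed} if parsed else event
```

Because the field is undocumented and overloaded, the function leaves the event untouched whenever the value does not parse cleanly, rather than emitting partial `url.*` fields.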

elasticmachine commented 2 weeks ago

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

elastic-vault-github-plugin-prod[bot] commented 2 weeks ago

:rocket: Benchmarks report

To see the full report comment with /test benchmark fullreport

elasticmachine commented 1 week ago

:green_heart: Build Succeeded

History

elastic-sonarqube[bot] commented 1 week ago

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

elastic-vault-github-plugin-prod[bot] commented 1 week ago

Package panw - 4.1.0 containing this change is available at https://epr.elastic.co/package/panw/4.1.0/