elastic / integrations

Elastic Integrations
https://www.elastic.co/integrations

[CrowdStrike] Add Support of Crowdstrike Event Stream #11773

Open mohitjha-elastic opened 3 days ago

mohitjha-elastic commented 3 days ago

Proposed Commit Message

Add support of new input type to collect logs for the falcon dataset - CrowdStrike Event Stream via streaming input. Update the minimum Kibana version to 8.16.0. Add the entry of the CrowdStrike Event Stream in readme.


elasticmachine commented 3 days ago

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

mohitjha-elastic commented 2 days ago

> There are no tests here. Can you remove the comment in the PR that says how to test locally, since that obviously has no effect on this addition?
>
> Have you tested? What do you need in order to add CI testing?

Thank you for pointing that out! I've removed the comment from the PR description.

It has been tested on the CrowdStrike Live Instance using the Event Stream API. I am under the impression that system testing for streaming is not yet supported.

efd6 commented 2 days ago

> I am under the impression that system testing for streaming is not yet supported.

As far as the input is concerned, chunked and non-chunked connections are the same. It should be possible to simulate the behaviour of the API with stream as it currently exists.

efd6 commented 2 days ago

/test

elastic-vault-github-plugin-prod[bot] commented 1 day ago

:rocket: Benchmarks report

To see the full report comment with /test benchmark fullreport

elasticmachine commented 1 day ago

:green_heart: Build Succeeded

elastic-sonarqube[bot] commented 1 day ago

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube