[Filebeat][New Module] Add support for Microsoft MTP / 365 Defender #21446
Merged
Conversation
Pinging @elastic/siem (Team:SIEM)
botelastic bot added and then removed the needs_team label (indicates that the issue/PR needs a Team:* label) on Oct 1, 2020.
P1llus changed the title from "Filebeat mtp mvp" to "[Filebeat][New Module] Add support for Microsoft MTP / 365 Defender" on Oct 1, 2020.
jenkins, test this
marc-gr approved these changes on Oct 5, 2020.
andrewkroh approved these changes on Oct 5, 2020.
Review comment on the documentation line:

> To configure access for filebeat to Microsoft 365 Defender you will have to create a new Azure Application registration, this will again return

Suggested change:
- To configure access for filebeat to Microsoft 365 Defender you will have to create a new Azure Application registration, this will again return
+ To configure access for Filebeat to Microsoft 365 Defender you will have to create a new Azure Application registration, this will again return.
marc-gr pushed a commit to marc-gr/beats that referenced this pull request on Oct 6, 2020:

…lastic#21446)
* Initial commit for mtp mvp
* first finished MVP version of MTP module
* updating m365_defender with new fields and new name
* reverting some files that shouldn't be added
* removing dhcp generated logs from PR
* converting two fields to strings and updating some default template configurations
* adding changelog entry
* Initial commit for mtp mvp
* first finished MVP version of MTP module
* updating m365_defender with new fields and new name
* reverting some files that shouldn't be added
* removing dhcp generated logs from PR
* converting two fields to strings and updating some default template configurations
* adding changelog entry
* updating typo

Co-authored-by: Marc Guasch <marc-gr@users.noreply.github.com>
(cherry picked from commit 804db76)
v1v added a commit to v1v/beats that referenced this pull request on Oct 6, 2020:

* upstream/master:
  [CI] Setup git config globally (elastic#21562)
  docs: update generate_fields_docs.py (elastic#21359)
  Add support for additional fields from V2 ALB logs (elastic#21540)
  Move Prometheus query & remote_write to GA (elastic#21507)
  feat: add a new step to run the e2e tests for certain parts of Beats (elastic#21100)
  [Elastic Agent] Add elastic agent ID and version to events from filebeat and metricbeat. (elastic#21543)
  Release cloudfoundry input and processor as GA (elastic#21525)
  [Packetbeat] New SIP protocol (elastic#21221)
  [Filebeat][New Module] Add support for Microsoft MTP / 365 Defender (elastic#21446)
  [Beats][pytest] Asserting if filebeat logs include errors (elastic#20999)
  junipersrx-module initial release (elastic#20017)
  Add a persistent cache for cloudfoundry metadata based on badger (elastic#20775)
  Add missing changelog entry for cisco umbrella (elastic#21550)
  [Elastic Agent] Add upgrade CLI to initiate upgrade of Agent locally (elastic#21425)
  Enable filestream input (elastic#21533)
  Add filestream input reader (elastic#21481)
  [CI] fix 'no matches found within 10000' (elastic#21466)
  Fix billing.go aws.GetStartTimeEndTime (elastic#21531)
marc-gr added a commit that referenced this pull request on Oct 6, 2020:

…21446) (#21555)
* Initial commit for mtp mvp
* first finished MVP version of MTP module
* updating m365_defender with new fields and new name
* reverting some files that shouldn't be added
* removing dhcp generated logs from PR
* converting two fields to strings and updating some default template configurations
* adding changelog entry
* Initial commit for mtp mvp
* first finished MVP version of MTP module
* updating m365_defender with new fields and new name
* reverting some files that shouldn't be added
* removing dhcp generated logs from PR
* converting two fields to strings and updating some default template configurations
* adding changelog entry
* updating typo

Co-authored-by: Marc Guasch <marc-gr@users.noreply.github.com>
(cherry picked from commit 804db76)
Co-authored-by: Marius Iversen <pillus@chasenet.org>
What does this PR do?
This PR adds support for Microsoft 365 Defender (Microsoft Threat Protection). It builds upon the already existing module for Microsoft ATP (Microsoft Defender for Endpoint).
Why is it important?
Adds support for new products in Beats.
Checklist
- CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc
Author's Checklist
The list of fields related to MTP is documented here: https://docs.microsoft.com/en-us/microsoft-365/security/mtp/api-list-incidents?view=o365-worldwide