
[crowdstrike] Add support for Vulnerability Events. #12973

Open
wants to merge 2 commits into
base: main
Conversation

muskan-agarwal26

Type of change

  • Enhancement

Proposed commit message

  • Added vulnerability data stream.
  • Updated ecs version to 8.17.0.
  • Updated kibana version to the latest (^8.18.0 || ^9.0.0).
  • Added transform pipeline in the vulnerability data stream.
  • Added support for agentless server.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices.

How to test this PR locally

  • Clone the integrations repo.
  • Install elastic-package locally.
  • Start the Elastic stack using elastic-package.
  • Move to the integrations/packages/crowdstrike directory.
  • Run the following command to run the tests:

elastic-package test -v

Related issues

Automated Test

--- Test results for package: crowdstrike - START ---
╭─────────────┬───────────────┬───────────┬──────────────────────────────────────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE     │ DATA STREAM   │ TEST TYPE │ TEST NAME                                                            │ RESULT │ TIME ELAPSED │
├─────────────┼───────────────┼───────────┼──────────────────────────────────────────────────────────────────────┼────────┼──────────────┤
│ crowdstrike │               │ asset     │ dashboard crowdstrike-2921b7f0-99b5-11ee-bf4d-afbc95e0486c is loaded │ PASS   │      1.841µs │
│ crowdstrike │               │ asset     │ dashboard crowdstrike-63da2573-4e68-4e7d-a06b-6858edb60fd5 is loaded │ PASS   │        435ns │
│ crowdstrike │               │ asset     │ dashboard crowdstrike-a4972bc0-fb53-11eb-abed-07307b3f2b0f is loaded │ PASS   │        425ns │
│ crowdstrike │               │ asset     │ dashboard crowdstrike-ad80a080-821b-11ee-bae0-937af575b750 is loaded │ PASS   │        415ns │
│ crowdstrike │               │ asset     │ dashboard crowdstrike-d8070b00-99b3-11ee-bf4d-afbc95e0486c is loaded │ PASS   │        405ns │
│ crowdstrike │               │ asset     │ dashboard crowdstrike-e64e8fe0-8210-11ee-bae0-937af575b750 is loaded │ PASS   │        439ns │
│ crowdstrike │               │ asset     │ search crowdstrike-56381e0f-4f72-4fc7-810c-5ba5b2c47b8c is loaded    │ PASS   │        389ns │
│ crowdstrike │               │ asset     │ search crowdstrike-9b99d190-8214-11ee-bae0-937af575b750 is loaded    │ PASS   │        416ns │
│ crowdstrike │               │ asset     │ search crowdstrike-a9e7ff80-8212-11ee-bae0-937af575b750 is loaded    │ PASS   │        411ns │
│ crowdstrike │ alert         │ asset     │ index_template logs-crowdstrike.alert is loaded                      │ PASS   │        735ns │
│ crowdstrike │ alert         │ asset     │ ingest_pipeline logs-crowdstrike.alert-1.53.0 is loaded              │ PASS   │        252ns │
│ crowdstrike │ falcon        │ asset     │ index_template logs-crowdstrike.falcon is loaded                     │ PASS   │        308ns │
│ crowdstrike │ falcon        │ asset     │ ingest_pipeline logs-crowdstrike.falcon-1.53.0 is loaded             │ PASS   │        198ns │
│ crowdstrike │ fdr           │ asset     │ index_template logs-crowdstrike.fdr is loaded                        │ PASS   │        490ns │
│ crowdstrike │ fdr           │ asset     │ ingest_pipeline logs-crowdstrike.fdr-1.53.0 is loaded                │ PASS   │        517ns │
│ crowdstrike │ host          │ asset     │ index_template logs-crowdstrike.host is loaded                       │ PASS   │        510ns │
│ crowdstrike │ host          │ asset     │ ingest_pipeline logs-crowdstrike.host-1.53.0 is loaded               │ PASS   │        507ns │
│ crowdstrike │ vulnerability │ asset     │ index_template logs-crowdstrike.vulnerability is loaded              │ PASS   │        587ns │
│ crowdstrike │ vulnerability │ asset     │ ingest_pipeline logs-crowdstrike.vulnerability-1.53.0 is loaded      │ PASS   │        528ns │
╰─────────────┴───────────────┴───────────┴──────────────────────────────────────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: crowdstrike - END   ---
Done
--- Test results for package: crowdstrike - START ---
╭─────────────┬───────────────┬───────────┬─────────────────────────────────────────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE     │ DATA STREAM   │ TEST TYPE │ TEST NAME                                                               │ RESULT │ TIME ELAPSED │
├─────────────┼───────────────┼───────────┼─────────────────────────────────────────────────────────────────────────┼────────┼──────────────┤
│ crowdstrike │ alert         │ pipeline  │ (ingest pipeline warnings test-alert.log)                               │ PASS   │ 359.323607ms │
│ crowdstrike │ alert         │ pipeline  │ test-alert.log                                                          │ PASS   │  456.90642ms │
│ crowdstrike │ falcon        │ pipeline  │ (ingest pipeline warnings test-event-stream.log)                        │ PASS   │ 317.601589ms │
│ crowdstrike │ falcon        │ pipeline  │ (ingest pipeline warnings test-falcon-audit-events.log)                 │ PASS   │ 317.081464ms │
│ crowdstrike │ falcon        │ pipeline  │ (ingest pipeline warnings test-falcon-auth-activity.log)                │ PASS   │ 323.242721ms │
│ crowdstrike │ falcon        │ pipeline  │ (ingest pipeline warnings test-falcon-cspmioa-streaming.log)            │ PASS   │ 320.394476ms │
│ crowdstrike │ falcon        │ pipeline  │ (ingest pipeline warnings test-falcon-cspmsearch-streaming.log)         │ PASS   │ 365.135453ms │
│ crowdstrike │ falcon        │ pipeline  │ (ingest pipeline warnings test-falcon-detection-summary.log)            │ PASS   │ 342.697889ms │
│ crowdstrike │ falcon        │ pipeline  │ (ingest pipeline warnings test-falcon-events.log)                       │ PASS   │ 441.898243ms │
│ crowdstrike │ falcon        │ pipeline  │ (ingest pipeline warnings test-falcon-firewall.log)                     │ PASS   │ 339.526812ms │
│ crowdstrike │ falcon        │ pipeline  │ (ingest pipeline warnings test-falcon-identity-protection-incident.log) │ PASS   │ 437.779199ms │
│ crowdstrike │ falcon        │ pipeline  │ (ingest pipeline warnings test-falcon-incident-summary.log)             │ PASS   │ 340.404372ms │
│ crowdstrike │ falcon        │ pipeline  │ (ingest pipeline warnings test-falcon-ipd-summary.log)                  │ PASS   │ 344.546586ms │
│ crowdstrike │ falcon        │ pipeline  │ (ingest pipeline warnings test-falcon-mobile-detection-summary.log)     │ PASS   │ 403.182404ms │
│ crowdstrike │ falcon        │ pipeline  │ (ingest pipeline warnings test-falcon-recon-notification.log)           │ PASS   │ 359.943701ms │
│ crowdstrike │ falcon        │ pipeline  │ (ingest pipeline warnings test-falcon-remote-response.log)              │ PASS   │ 322.186635ms │
│ crowdstrike │ falcon        │ pipeline  │ (ingest pipeline warnings test-falcon-sample.log)                       │ PASS   │ 325.200688ms │
│ crowdstrike │ falcon        │ pipeline  │ (ingest pipeline warnings test-falcon-tags-list.log)                    │ PASS   │ 333.304617ms │
│ crowdstrike │ falcon        │ pipeline  │ (ingest pipeline warnings test-falcon-tags.log)                         │ PASS   │ 315.919697ms │
│ crowdstrike │ falcon        │ pipeline  │ (ingest pipeline warnings test-falcon-user-activity.log)                │ PASS   │ 315.534469ms │
│ crowdstrike │ falcon        │ pipeline  │ (ingest pipeline warnings test-falcon-xdr-detection-summary.log)        │ PASS   │ 362.692581ms │
│ crowdstrike │ falcon        │ pipeline  │ test-event-stream.log                                                   │ PASS   │ 331.581872ms │
│ crowdstrike │ falcon        │ pipeline  │ test-falcon-audit-events.log                                            │ PASS   │ 254.355942ms │
│ crowdstrike │ falcon        │ pipeline  │ test-falcon-auth-activity.log                                           │ PASS   │ 173.554777ms │
│ crowdstrike │ falcon        │ pipeline  │ test-falcon-cspmioa-streaming.log                                       │ PASS   │  188.00738ms │
│ crowdstrike │ falcon        │ pipeline  │ test-falcon-cspmsearch-streaming.log                                    │ PASS   │ 162.875754ms │
│ crowdstrike │ falcon        │ pipeline  │ test-falcon-detection-summary.log                                       │ PASS   │ 215.152789ms │
│ crowdstrike │ falcon        │ pipeline  │ test-falcon-events.log                                                  │ PASS   │ 210.577439ms │
│ crowdstrike │ falcon        │ pipeline  │ test-falcon-firewall.log                                                │ PASS   │ 180.534446ms │
│ crowdstrike │ falcon        │ pipeline  │ test-falcon-identity-protection-incident.log                            │ PASS   │ 220.670344ms │
│ crowdstrike │ falcon        │ pipeline  │ test-falcon-incident-summary.log                                        │ PASS   │ 151.863587ms │
│ crowdstrike │ falcon        │ pipeline  │ test-falcon-ipd-summary.log                                             │ PASS   │ 196.701275ms │
│ crowdstrike │ falcon        │ pipeline  │ test-falcon-mobile-detection-summary.log                                │ PASS   │ 309.076892ms │
│ crowdstrike │ falcon        │ pipeline  │ test-falcon-recon-notification.log                                      │ PASS   │ 176.072146ms │
│ crowdstrike │ falcon        │ pipeline  │ test-falcon-remote-response.log                                         │ PASS   │ 162.371158ms │
│ crowdstrike │ falcon        │ pipeline  │ test-falcon-sample.log                                                  │ PASS   │ 236.993458ms │
│ crowdstrike │ falcon        │ pipeline  │ test-falcon-tags-list.log                                               │ PASS   │ 173.987908ms │
│ crowdstrike │ falcon        │ pipeline  │ test-falcon-tags.log                                                    │ PASS   │ 155.831135ms │
│ crowdstrike │ falcon        │ pipeline  │ test-falcon-user-activity.log                                           │ PASS   │ 163.143754ms │
│ crowdstrike │ falcon        │ pipeline  │ test-falcon-xdr-detection-summary.log                                   │ PASS   │ 188.698834ms │
│ crowdstrike │ fdr           │ pipeline  │ (ingest pipeline warnings test-data.log)                                │ PASS   │ 347.442891ms │
│ crowdstrike │ fdr           │ pipeline  │ (ingest pipeline warnings test-fdr.log)                                 │ PASS   │ 327.025628ms │
│ crowdstrike │ fdr           │ pipeline  │ (ingest pipeline warnings test-fdrv2-notmanaged.log)                    │ PASS   │ 373.972506ms │
│ crowdstrike │ fdr           │ pipeline  │ test-data.log                                                           │ PASS   │  229.74474ms │
│ crowdstrike │ fdr           │ pipeline  │ test-fdr.log                                                            │ PASS   │ 2.166714107s │
│ crowdstrike │ fdr           │ pipeline  │ test-fdrv2-notmanaged.log                                               │ PASS   │ 177.039508ms │
│ crowdstrike │ host          │ pipeline  │ (ingest pipeline warnings test-host.log)                                │ PASS   │ 336.874175ms │
│ crowdstrike │ host          │ pipeline  │ test-host.log                                                           │ PASS   │ 137.337986ms │
│ crowdstrike │ vulnerability │ pipeline  │ (ingest pipeline warnings test-vulnerability.log)                       │ PASS   │ 318.703817ms │
│ crowdstrike │ vulnerability │ pipeline  │ test-vulnerability.log                                                  │ PASS   │ 209.442172ms │
╰─────────────┴───────────────┴───────────┴─────────────────────────────────────────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: crowdstrike - END   ---
Done
--- Test results for package: crowdstrike - START ---
No test results
--- Test results for package: crowdstrike - END   ---
Done
--- Test results for package: crowdstrike - START ---
╭─────────────┬───────────────┬───────────┬──────────────────────────┬────────┬──────────────╮
│ PACKAGE     │ DATA STREAM   │ TEST TYPE │ TEST NAME                │ RESULT │ TIME ELAPSED │
├─────────────┼───────────────┼───────────┼──────────────────────────┼────────┼──────────────┤
│ crowdstrike │ alert         │ static    │ Verify sample_event.json │ PASS   │ 178.729871ms │
│ crowdstrike │ falcon        │ static    │ Verify sample_event.json │ PASS   │ 163.556024ms │
│ crowdstrike │ fdr           │ static    │ Verify sample_event.json │ PASS   │ 230.074843ms │
│ crowdstrike │ host          │ static    │ Verify sample_event.json │ PASS   │ 131.810461ms │
│ crowdstrike │ vulnerability │ static    │ Verify sample_event.json │ PASS   │ 139.226333ms │
╰─────────────┴───────────────┴───────────┴──────────────────────────┴────────┴──────────────╯
--- Test results for package: crowdstrike - END   ---
Done
--- Test results for package: crowdstrike - START ---
╭─────────────┬───────────────┬───────────┬───────────────┬────────┬─────────────────╮
│ PACKAGE     │ DATA STREAM   │ TEST TYPE │ TEST NAME     │ RESULT │    TIME ELAPSED │
├─────────────┼───────────────┼───────────┼───────────────┼────────┼─────────────────┤
│ crowdstrike │ alert         │ system    │ common        │ PASS   │   42.235010646s │
│ crowdstrike │ falcon        │ system    │ logfile       │ PASS   │   40.074886177s │
│ crowdstrike │ falcon        │ system    │ streaming     │ PASS   │   46.125620123s │
│ crowdstrike │ fdr           │ system    │ default       │ PASS   │ 2m40.664867497s │
│ crowdstrike │ fdr           │ system    │ keep-metadata │ PASS   │ 2m54.733607517s │
│ crowdstrike │ host          │ system    │ common        │ PASS   │   36.289970662s │
│ crowdstrike │ vulnerability │ system    │ common        │ PASS   │   38.427895743s │
╰─────────────┴───────────────┴───────────┴───────────────┴────────┴─────────────────╯
--- Test results for package: crowdstrike - END   ---
Done

Screenshots

[Screenshot: ss1]
[Screenshot: ss2]

1. Added vulnerability data stream.
2. Updated ecs version to 8.17.0.
3. Updated kibana version to the latest.
4. Added transform pipeline in the vulnerability data stream.
@muskan-agarwal26 muskan-agarwal26 requested a review from a team as a code owner March 5, 2025 16:27
@efd6

efd6 commented Mar 5, 2025

/test


efd6 left a comment


Why are fdr, host and vulnerability being touched here?

@elasticmachine
elasticmachine commented Mar 5, 2025

💔 Build Failed
