@sharadcrest sharadcrest commented Jul 16, 2025

Proposed commit message

The initial release includes detection data stream and associated dashboard.

ExtraHop fields are mapped to their corresponding ECS fields where possible.

Test samples were derived from live data samples, which were subsequently
sanitized.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

To test the extrahop package:

  • Clone integrations repo.
  • Install elastic package locally.
  • Start elastic stack using elastic-package.
  • Move to integrations/packages/extrahop directory.
  • Run the following command to run tests.

elastic-package test

Run asset tests for the package
2025/07/16 10:23:32  INFO License text found in "/home/devuser/github/integrations/LICENSE.txt" will be included in package
--- Test results for package: extrahop - START ---
╭──────────┬─────────────┬───────────┬───────────────────────────────────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE  │ DATA STREAM │ TEST TYPE │ TEST NAME                                                         │ RESULT │ TIME ELAPSED │
├──────────┼─────────────┼───────────┼───────────────────────────────────────────────────────────────────┼────────┼──────────────┤
│ extrahop │             │ asset     │ dashboard extrahop-0987a5a3-15cb-4579-b298-08d170e7cb01 is loaded │ PASS   │      1.158µs │
│ extrahop │             │ asset     │ search extrahop-d2c0d7c5-4e87-4141-a8e4-63fc832bf6b6 is loaded    │ PASS   │        193ns │
│ extrahop │ detection   │ asset     │ index_template logs-extrahop.detection is loaded                  │ PASS   │        181ns │
│ extrahop │ detection   │ asset     │ ingest_pipeline logs-extrahop.detection-0.1.0 is loaded           │ PASS   │        213ns │
╰──────────┴─────────────┴───────────┴───────────────────────────────────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: extrahop - END   ---
Done
Run pipeline tests for the package
--- Test results for package: extrahop - START ---
╭──────────┬─────────────┬───────────┬────────────────────────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE  │ DATA STREAM │ TEST TYPE │ TEST NAME                                              │ RESULT │ TIME ELAPSED │
├──────────┼─────────────┼───────────┼────────────────────────────────────────────────────────┼────────┼──────────────┤
│ extrahop │ detection   │ pipeline  │ (ingest pipeline warnings test-pipeline-detection.log) │ PASS   │ 342.379164ms │
│ extrahop │ detection   │ pipeline  │ test-pipeline-detection.log                            │ PASS   │ 150.361376ms │
╰──────────┴─────────────┴───────────┴────────────────────────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: extrahop - END   ---
Done
Run policy tests for the package
--- Test results for package: extrahop - START ---
No test results
--- Test results for package: extrahop - END   ---
Done
Run static tests for the package
--- Test results for package: extrahop - START ---
╭──────────┬─────────────┬───────────┬──────────────────────────┬────────┬──────────────╮
│ PACKAGE  │ DATA STREAM │ TEST TYPE │ TEST NAME                │ RESULT │ TIME ELAPSED │
├──────────┼─────────────┼───────────┼──────────────────────────┼────────┼──────────────┤
│ extrahop │ detection   │ static    │ Verify sample_event.json │ PASS   │ 149.596167ms │
╰──────────┴─────────────┴───────────┴──────────────────────────┴────────┴──────────────╯
--- Test results for package: extrahop - END   ---
Done
Run system tests for the package
2025/07/16 10:23:38  INFO License text found in "/home/devuser/github/integrations/LICENSE.txt" will be included in package
2025/07/16 10:24:29  INFO Write container logs to file: /home/devuser/github/integrations/build/container-logs/extrahop-1752641669027280467.log
2025/07/16 10:24:31  INFO Write container logs to file: /home/devuser/github/integrations/build/container-logs/elastic-agent-1752641671464199566.log
--- Test results for package: extrahop - START ---
╭──────────┬─────────────┬───────────┬───────────┬────────┬───────────────╮
│ PACKAGE  │ DATA STREAM │ TEST TYPE │ TEST NAME │ RESULT │  TIME ELAPSED │
├──────────┼─────────────┼───────────┼───────────┼────────┼───────────────┤
│ extrahop │ detection   │ system    │ common    │ PASS   │ 37.058169613s │
╰──────────┴─────────────┴───────────┴───────────┴────────┴───────────────╯
--- Test results for package: extrahop - END   ---
Done

Screenshots

Related issues

@sharadcrest sharadcrest marked this pull request as ready for review July 16, 2025 10:43
@sharadcrest sharadcrest requested a review from a team as a code owner July 16, 2025 10:43
@andrewkroh andrewkroh added New Integration Issue or pull request for creating a new integration package. dashboard Relates to a Kibana dashboard bug, enhancement, or modification. documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. Crest Contributions from Crest developement team. labels Jul 16, 2025
@sharadcrest sharadcrest changed the title [extrahop] Initial release of the extrahop [extrahop][Detection] Initial release of the extrahop Jul 18, 2025
@cpascale43 cpascale43 added the Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] label Aug 14, 2025
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@kcreddy kcreddy left a comment

@piyush-elastic and @sharadcrest, please update your README.md for all new integrations as per the new template #14917. You can look at #14774 and #14271 as a sample.

cc: @narph @cpascale43

@ShourieG ShourieG left a comment

LGTM

@ShourieG

Hi @elastic/integrations-triaging, need your approval to go ahead with merging.

@sharadcrest sharadcrest requested a review from kcreddy August 26, 2025 06:20
kcreddy commented Aug 26, 2025

/test

@elastic-vault-github-plugin-prod

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@elasticmachine

💚 Build Succeeded

@kcreddy kcreddy left a comment

Thanks!

@ShourieG ShourieG merged commit 5db67d2 into elastic:main Aug 26, 2025
9 checks passed
@elastic-vault-github-plugin-prod

Package extrahop - 0.1.0 containing this change is available at https://epr.elastic.co/package/extrahop/0.1.0/

@sharadcrest sharadcrest deleted the package-extrahop branch September 1, 2025 08:57
tehbooom pushed a commit to tehbooom/integrations that referenced this pull request Nov 19, 2025
The initial release includes detection data stream and associated dashboard. ExtraHop fields are mapped to their corresponding ECS fields where possible. Test samples were derived from live data samples, which were subsequently sanitized.