Skip to content

[Network Beaconing Identification] Add destination.ip filter to beaconing transform #15672

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Oct 17, 2025
Merged

[Network Beaconing Identification] Add destination.ip filter to beaconing transform #15672

merged 3 commits into from
Oct 17, 2025

Conversation

@sodhikirti07
Copy link
Contributor

@sodhikirti07 sodhikirti07 commented Oct 17, 2025

Proposed commit message

  • Update beaconing transform

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

  • Updated transform to add exists filter for destination.ip
  • Updated changelog.yml and manifest.yml

How to test this PR locally

  • using ITP

Related issues

Screenshots

@sodhikirti07 sodhikirti07 requested review from a team as code owners October 17, 2025 15:27
@sodhikirti07 sodhikirti07 added bug Something isn't working, use only for issues Integration:beaconing Network Beaconing Identification labels Oct 17, 2025
@elasticmachine
Copy link

elasticmachine commented Oct 17, 2025

💚 Build Succeeded

@andrewkroh andrewkroh added the Team:Security-Applied ML Elastic Security Protections Machine Learning (ML) team [elastic/sec-applied-ml] label Oct 17, 2025
@elasticmachine
Copy link

elasticmachine commented Oct 17, 2025

Pinging @elastic/sec-applied-ml (Team:Security-Applied ML)

qn895
qn895 approved these changes Oct 17, 2025
View reviewed changes
Copy link
Member

@qn895 qn895 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🎉

jmcarlock
jmcarlock approved these changes Oct 17, 2025
View reviewed changes
Copy link
Contributor

@jmcarlock jmcarlock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Tested with integrations test pipeline. Note: beaconing transform still needs to bump as per this discussion

@sodhikirti07
Copy link
Contributor Author

sodhikirti07 commented Oct 17, 2025

Note: beaconing transform still needs to bump as per this #14358 (comment)

I already bumped the transform

@sodhikirti07 sodhikirti07 merged commit 3e069a1 into main Oct 17, 2025
7 checks passed
@sodhikirti07 sodhikirti07 deleted the update-beaconing-transform branch October 17, 2025 16:48
@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Oct 17, 2025

Package beaconing - 1.3.3 containing this change is available at https://epr.elastic.co/package/beaconing/1.3.3/

agithomas pushed a commit to agithomas/integrations that referenced this pull request Oct 30, 2025
@sodhikirti07 @agithomas
[Network Beaconing Identification] Add destination.ip filter to beaco…
d72bc62 
…ning transform (elastic#15672)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jmcarlock jmcarlock jmcarlock approved these changes

@qn895 qn895 qn895 approved these changes

Assignees

No one assigned

Labels

bug Something isn't working, use only for issues Integration:beaconing Network Beaconing Identification Team:Security-Applied ML Elastic Security Protections Machine Learning (ML) team [elastic/sec-applied-ml]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@sodhikirti07 @elasticmachine @jmcarlock @qn895 @andrewkroh