
Added url.extension field #551

Merged (1 commit, Oct 3, 2019)

Conversation

@mbudge (Contributor) commented Sep 11, 2019

Added a url extension field as using the file.extension field to store this could confuse security analysts. It should be easier for security analysts to associate extension and url if it's in the url object. We want to avoid them thinking the file exists on the computer straight away.

Proxy logs provide the file extension in a uri extension field, along with:

  • uri schema
  • uri domain
  • uri query
  • uri path etc.

Security analysts will want to look for file types like exe, js, swf, hda, vb, vbs, jar, bat coming from suspicious sites/locations.

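As an added example (not code from the PR or from the ECS project): a small Python helper that splits a request URL into the ECS url.* fields listed in the comment above, derives url.extension from the last path segment only, and runs the suspicious-extension check an analyst would write over a few constructed proxy URLs. The field names other than url.extension, the watch-list (taken from the file types named in the comment) and the sample URLs are assumptions made for this example; url.extension is left unset when the path carries no extension, which is the rule the proposed field description states.

```python
"""Added example, not part of the ECS PR or repository.

Populate ECS url.* fields from a request URL (including url.extension)
and flag risky extensions the way a proxy-log detection would.

Assumptions (not from the page): field names other than url.extension
(url.original, url.scheme, url.domain, url.port, url.path, url.query,
url.fragment) follow the ECS url object; the watch-list and sample URLs
are constructed for illustration.
"""
import posixpath
from urllib.parse import urlsplit

# Watch-list built from the file types named in the PR description.
RISKY_EXTENSIONS = {"exe", "js", "swf", "hda", "vb", "vbs", "jar", "bat"}

# Constructed sample proxy URLs (not real traffic).
SAMPLE_URLS = [
    "http://updates.example.net/tools/setup.exe",
    "https://cdn.example.org/static/app.min.js?v=3",
    "https://example.com/download/",
    "https://example.com/account?file=evil.exe",
    "https://example.com/archive/data.tar.gz",
    "https://example.com/v1.2/report",
]


def ecs_url_fields(url: str) -> dict:
    """Return a flat dict of ECS url.* keys for one request URL.

    url.extension is set only when the final path segment carries one, so
    https://example.com/download/ yields no url.extension key at all, and an
    extension hidden in the query string (?file=evil.exe) is not picked up.
    """
    parts = urlsplit(url)
    fields = {"url.original": url}
    if parts.scheme:
        fields["url.scheme"] = parts.scheme
    if parts.hostname:
        fields["url.domain"] = parts.hostname
    if parts.port:
        fields["url.port"] = parts.port
    if parts.path:
        fields["url.path"] = parts.path
    if parts.query:
        fields["url.query"] = parts.query
    if parts.fragment:
        fields["url.fragment"] = parts.fragment

    # Query and fragment are already split off, so only the last path
    # segment is inspected. splitext ignores a leading dot (".htaccess")
    # and returns an empty extension for a trailing dot ("page.").
    last_segment = posixpath.basename(parts.path)
    _, ext = posixpath.splitext(last_segment)
    ext = ext.lstrip(".")
    if ext:
        fields["url.extension"] = ext  # original case preserved
    return fields


def risky_download(fields: dict) -> bool:
    """True when the event's url.extension is on the watch-list."""
    return fields.get("url.extension", "").lower() in RISKY_EXTENSIONS


def triage(urls) -> list:
    """Return the url.original of every URL whose extension is risky."""
    return [f["url.original"] for f in map(ecs_url_fields, urls) if risky_download(f)]


if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(ecs_url_fields(u))
    print("risky:", triage(SAMPLE_URLS))
```

Keeping the extension separate from the query and fragment is the point of the field: a detection keyed on url.extension fires on what the server would actually have served by path, and the absence of the key tells the analyst the request had no file extension rather than that a file exists on the endpoint.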
@MikePaquette MikePaquette requested a review from webmat September 12, 2019 01:41
@webmat (Contributor) commented Sep 23, 2019

@elasticmachine, run elasticsearch-ci/docs

@webmat (Contributor) left a review:

Yes, this makes a lot of sense. I'm surprised we missed this one 😄 Two small things before we merge, please:

  • Add a changelog entry to CHANGELOG.next.md
  • Address minor nit-pick below

short: File extension from the original request url.
description: >
The field contains the file extension from the original request url.
The file extension is only set if it exists, as not every url has a file extension.
@webmat commented on the lines above:

Please insert an additional blank line here, to have this as two paragraphs in the docs

webmat pushed a commit to webmat/ecs that referenced this pull request Oct 1, 2019
Also add an example
@webmat webmat mentioned this pull request Oct 1, 2019
@webmat (Contributor) commented Oct 3, 2019

@mbudge I just realized that how I've finished up the work on your contributions #542 and #557 didn't have you appear in the commits, as we squash the commits when merging PRs. Sorry about that.

I'll change my approach and merge your PRs, then rebase mine on top, in order for you to show up in the credits. Your input was really appreciated, and I think it's important to preserve that in the history, and repo stats 🙂

@webmat (Contributor) left a review:

LGTM, merging as is, and follow-ups are addressed in #573

@webmat webmat merged commit c6b5356 into elastic:master Oct 3, 2019
webmat pushed a commit that referenced this pull request Oct 3, 2019