Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix mapping references in elastic-ecs connector #1471

Merged
merged 18 commits into from
May 26, 2023
Merged

fix mapping references in elastic-ecs connector #1471

merged 18 commits into from
May 26, 2023

Conversation

Harmedox
Copy link
Contributor

@Harmedox Harmedox commented May 7, 2023

This PR fixes mapping errors identified by the to_stix_map validator.

@Harmedox Harmedox marked this pull request as draft May 10, 2023 21:21
@Harmedox Harmedox marked this pull request as ready for review May 15, 2023 17:08
subbyte
subbyte reviewed May 16, 2023
View reviewed changes
stix_shifter_modules/elastic_ecs/stix_translation/json/to_stix_map.json
@@ -1015,8 +1089,8 @@
}
],
"ppid": {
"key": "process.parent_ref.ppid",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure if we have process:ppid and process:pgid in STIX. May need a double check.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Both attributes are pid refs. ppid refers to the parent process pid, while pgid refers to the process group leader pid. NB: pgid to be deprecated and referred to as process.group_leader.pid.

Fixed the refs in to_stix_map. See new commit.

A new group_leader_ref reference attribute should be added to Process STIX extensions.

@subbyte
Copy link
Member

subbyte commented May 19, 2023

Quick check: in to_stix, does the source entry has address similar to destination.address? I could not find the field in the develop branch, just to double check if we have fixed it here.

@mdazam1942 mdazam1942 merged commit 4d14643 into opencybersecurityalliance:develop May 26, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@subbyte subbyte subbyte left review comments

@mdazam1942 mdazam1942 mdazam1942 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Harmedox @subbyte @mdazam1942