
[extrahop][Detection] Initial release of the extrahop #14557


Open
wants to merge 3 commits into base: main

Conversation

sharadcrest
Contributor

@sharadcrest sharadcrest commented Jul 16, 2025

Proposed commit message

The initial release includes detection data stream and associated dashboard.

ExtraHop fields are mapped to their corresponding ECS fields where possible.

Test samples were derived from live data samples, which were subsequently
sanitized.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices.

How to test this PR locally

To test the extrahop package:

  • Clone integrations repo.
  • Install elastic package locally.
  • Start elastic stack using elastic-package.
  • Move to integrations/packages/extrahop directory.
  • Run the following command to run tests.

elastic-package test

Run asset tests for the package
2025/07/16 10:23:32  INFO License text found in "/home/devuser/github/integrations/LICENSE.txt" will be included in package
--- Test results for package: extrahop - START ---
╭──────────┬─────────────┬───────────┬───────────────────────────────────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE  │ DATA STREAM │ TEST TYPE │ TEST NAME                                                         │ RESULT │ TIME ELAPSED │
├──────────┼─────────────┼───────────┼───────────────────────────────────────────────────────────────────┼────────┼──────────────┤
│ extrahop │             │ asset     │ dashboard extrahop-0987a5a3-15cb-4579-b298-08d170e7cb01 is loaded │ PASS   │      1.158µs │
│ extrahop │             │ asset     │ search extrahop-d2c0d7c5-4e87-4141-a8e4-63fc832bf6b6 is loaded    │ PASS   │        193ns │
│ extrahop │ detection   │ asset     │ index_template logs-extrahop.detection is loaded                  │ PASS   │        181ns │
│ extrahop │ detection   │ asset     │ ingest_pipeline logs-extrahop.detection-0.1.0 is loaded           │ PASS   │        213ns │
╰──────────┴─────────────┴───────────┴───────────────────────────────────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: extrahop - END   ---
Done
Run pipeline tests for the package
--- Test results for package: extrahop - START ---
╭──────────┬─────────────┬───────────┬────────────────────────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE  │ DATA STREAM │ TEST TYPE │ TEST NAME                                              │ RESULT │ TIME ELAPSED │
├──────────┼─────────────┼───────────┼────────────────────────────────────────────────────────┼────────┼──────────────┤
│ extrahop │ detection   │ pipeline  │ (ingest pipeline warnings test-pipeline-detection.log) │ PASS   │ 342.379164ms │
│ extrahop │ detection   │ pipeline  │ test-pipeline-detection.log                            │ PASS   │ 150.361376ms │
╰──────────┴─────────────┴───────────┴────────────────────────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: extrahop - END   ---
Done
Run policy tests for the package
--- Test results for package: extrahop - START ---
No test results
--- Test results for package: extrahop - END   ---
Done
Run static tests for the package
--- Test results for package: extrahop - START ---
╭──────────┬─────────────┬───────────┬──────────────────────────┬────────┬──────────────╮
│ PACKAGE  │ DATA STREAM │ TEST TYPE │ TEST NAME                │ RESULT │ TIME ELAPSED │
├──────────┼─────────────┼───────────┼──────────────────────────┼────────┼──────────────┤
│ extrahop │ detection   │ static    │ Verify sample_event.json │ PASS   │ 149.596167ms │
╰──────────┴─────────────┴───────────┴──────────────────────────┴────────┴──────────────╯
--- Test results for package: extrahop - END   ---
Done
Run system tests for the package
2025/07/16 10:23:38  INFO License text found in "/home/devuser/github/integrations/LICENSE.txt" will be included in package
2025/07/16 10:24:29  INFO Write container logs to file: /home/devuser/github/integrations/build/container-logs/extrahop-1752641669027280467.log
2025/07/16 10:24:31  INFO Write container logs to file: /home/devuser/github/integrations/build/container-logs/elastic-agent-1752641671464199566.log
--- Test results for package: extrahop - START ---
╭──────────┬─────────────┬───────────┬───────────┬────────┬───────────────╮
│ PACKAGE  │ DATA STREAM │ TEST TYPE │ TEST NAME │ RESULT │  TIME ELAPSED │
├──────────┼─────────────┼───────────┼───────────┼────────┼───────────────┤
│ extrahop │ detection   │ system    │ common    │ PASS   │ 37.058169613s │
╰──────────┴─────────────┴───────────┴───────────┴────────┴───────────────╯
--- Test results for package: extrahop - END   ---
Done

Screenshots


Related issues

@sharadcrest sharadcrest marked this pull request as ready for review July 16, 2025 10:43
@sharadcrest sharadcrest requested a review from a team as a code owner July 16, 2025 10:43
@andrewkroh andrewkroh added labels Jul 16, 2025: New Integration (Issue or pull request for creating a new integration package), dashboard (Relates to a Kibana dashboard bug, enhancement, or modification), documentation (Improvements or additions to documentation; applied to PRs that modify *.md files), Crest (Contributions from Crest development team).
@sharadcrest sharadcrest changed the title [extrahop] Initial release of the extrahop [extrahop][Detection] Initial release of the extrahop Jul 18, 2025